Secure Coding mailing list archives
[WEB SECURITY] Wordpress website hacked, wordpress backdoored
From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net)
Date: Sat, 3 Mar 2007 19:07:22 -0500 (EST)
a) the final binaries were the ones infected (very easy to detect (imagine if the infected code was actually from 'real' SVN source code and made from a 'trusted' developer))
b) by the speed this was detected the exploit (and the blog page didn't give a lot of details about it) must have been a very 'HEY I AM A BACKDOOR!!!!' kind of code. A real exploit would be one that (using a .NET
The original mailing list post by Ivan Fratric is at http://msgs.securepoint.com/cgi-bin/get/bugtraq0703/28.html for those curious of the code differences. Given the brazen addition of multiple functions (instead of modifying an existing one to make it vulnerable) we're probably not looking at the highest caliber of attacker here.
And OWASP uses WordPress (although Mike tells me that we were not affected) for our blogs
Thanks for sharing about what OWASP runs. Not sure how this ties into the thread though. Again hats off to Ivan Fratric for spotting this before it became a much larger issue.
Regards,
- Robert
http://www.cgisecurity.com/ Application Security news and more
http://www.cgisecurity.com/index.rss [RSS Feed]