I'm still at a loss as to how they got that option to change though.
Another problem, perhaps, SQL injection?
Of course, if they could do that, they wouldn't need the 2.6.4 version to get passwords. Unless they just wanted to see if what they were doing could be done.
You would think.
Exactly my idea. The hack itself seems pretty harmless and even the '2.6.4' doesn't seem to do much but steal cookies of the fifth user. I guess it's a test, and since http://www.wordpresz.org is sharing the IP address (209.160.33.108) with a fake online pharmacy, http://www.livepills.com, my guess is that it's either a test to spam the dashboard or see how many people can be fooled into installing a fake WP and then put them full of spam.
Strange too, btw, that immediately after people started talking about it, the domain name was dropped.
Maybe having us discuss how the dashboard can be changed was the whole point :-)
Even if he was running 2.5, the SECRET_KEY stuff would prevent them from getting the passwords from a simple SQL injection.
I'm thinking it was most likely an automated SQL injection through a vulnerable plugin. Mass scripting, since others have reported it too. No easy way to tell which one though, without server logs. Considering the hack itself, the vulnerability may be confined to modifying rows in the options table, which leaves few avenues for attack.
secret key...would prevent them from getting the passwords from a simple SQL injection.
...that wouldn't stop them from getting the data, that would just stop further processing.
But yes, I understand your point.