WordPress.org

1. Randall Flagg
   Member
   Posted 6 months ago #

   Well, recently I had some problems with my wordpress, I got some not wanted <iframe> in my site.
   So I started my research, and got here...
   http://factoryjoe.com/blog/2007/11/08/vulnerability-in-wp-super-cache-v01/comment-page-1/#comment-104466
   and said this:
   Does this bug still a problem?
   The Version: 0.9.4.3 is now on, but I think I had a vulnerabily over this plugin…
   I’m not sure, but I got an Exploit via … nothing to worry to much.
   In windows Eset anti-virus marked my site as dangerous.
   (thou it could be some javascript I put there, somewhere I think, with the wp-super-cache let someone in)
   The Iframes where into de WP Core.. not in my template, so it was a real pain in the ass to now what the heck it was.

   Now I put in my site the SECRET_KEY with a well password.. But, i activated again the wp-super-cache.. lets see what happends

   -----

   Does this vulneravility problem still a problem?

2. donncha
   Member
   Posted 6 months ago #

   That was fixed a long time ago, and it was a problem in the recursive mkdir() function WP uses that is fixed too. At the time passing "//" to it would do strange things. WP Super Cache happened to expose that on some hosts (but not all). There wasn't a vulnerability that a remote hacker could take advantage of.

   You were hacked some other way, probably before you upgraded to wp 2.7.1 or through one of your plugins. Look for my exploit scanner to help get rid of the malicious code.

3. Randall Flagg
   Member
   Posted 6 months ago #

   Thanks! =)
   Just wanted to make sure actually.
   I think I know were the problem was.
   Unless I know now that my wp is safe =)

Reply

You must log in to post.