Arbitrary File Upload Vulnerability / Exploit? (5 posts)

  1. Impressum
    Member
    Posted 5 years ago #

    Hello, folks.
    Here's something from a total beginner with WordPress and no guru with coding and programming:

    I've just installed WordPress 2.7.1 locally, based on a Wamp Server install in WinXp. Playing around in the settings, I noticed the following message in the Dashboard, under Incoming Links:

    "Buyacorp linked here saying, " Exploit http://localhost/wp/?attachment_id=49 S ...""

    The word "saying" was a link (as I formatted it above). The "http://localhost..." was plain text. Buyacorp, bolded. "wp" is the name of the folder where I installed WordPress locally.

    I visited the link under "saying" and it's Spanish, which I don't speak. I googled a bit and came up with this. Here it states the bug was fixed with the changeset 5765, but I guess it was not.

    I quickly disconnected the Wamp Server. :)

    Any suggestions? Any fixes?
    Many thanks.

  2. Len
    Member
    Posted 5 years ago #

    I have dozens of local installs all containing various incoming links. They're not referring to your install. Localhost is exclusive to your machine. :)

  3. Impressum
    Member
    Posted 5 years ago #

    Thanks LenK for the response.

    I don't quite get it. I know localhost is referring strictly to my pc, but I still don't see how the heck did the "incoming link" get there, in the Dashboard. Does WordPress.org put random dummy (incoming) links in their install files? Or did someone, somewhere, somehow link to my "local" blog and then it's problem? :)

  4. left_coaster
    Member
    Posted 4 years ago #

    Yeah, I've got the same thing happening on my install as well. I don't think it's related to your computer specifically but perhaps WP is sharing links from other WP installs that point to http://localhost/whatever/ then shares them on every machine that has http://localhost as their domain.

    Just a guess. Don't think it's something to be worried about from a security standpoint but I think that some people may be concerned about the privacy issues involved. Perhaps they are using a local install of WP to keep a private diary or something...

    Aaron

  5. tusker
    Member
    Posted 4 years ago #

    I have a blog that is not on localhost anymore, though I used it previously as a localhost website. Now it has a domain name with DNS and all. Why does it still show links from localhost like http://localhost/whatever?ref= ??

    And they are there for 3 odd months now, and strangely the blog has so many backlinks even listed in Google.

Topic Closed

This topic has been closed to new replies.
