WordPress.org

Ready to get started?Download WordPress

Forums

Exploit in Twentyten author.php ? (3 posts)

  1. develth
    Member
    Posted 1 year ago #

    Hi there,

    i got an abuse report and i checked my logs etc.

    I stumpled upon folloewing:

    63... - - [13/] "GET /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1" 200 438 "-" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13/] "GET /favicon.ico HTTP/1.1" 404 309 "-" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13/] "POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1" 200 4697 "http://host.com/wordpress/wp-content/themes/twentyten/author.php" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13/] "POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1" 200 3597 "http://host.com/wordpress/wp-content/themes/twentyten/author.php" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13] "POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1" 200 3668 "http://host.com/wordpress/wp-content/themes/twentyten/author.php" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13] "GET /smtp.php HTTP/1.1" 200 1725 "-" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13] "POST /smtp.php HTTP/1.1" 200 2797 "http://lufti.lowrater.de/smtp.php" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13] "POST /smtp.php HTTP/1.1" 200 2842 "http://lufti.lowrater.de/smtp.php" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    63... - - [13] "POST /smtp.php HTTP/1.1" 200 2840 "http://lufti.lowrater.de/smtp.php" "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    .
    .
    .

    In the author.php was in first line some code that definitly does not belong to it ( i removed the whole page, but if you want i can access to it via bacula ) and this created the smtp.php

    Is this familiar?

    Thanks & Cheers,
    Thomas

  2. esmi
    Forum Moderator
    Posted 1 year ago #

  3. develth
    Member
    Posted 1 year ago #

    Thanks for the Information!

Topic Closed

This topic has been closed to new replies.

About this Topic