WordPress.org


Forums

Published Exploit but Not Patched.. (13 posts)

  1. digitallica
    Member
    Posted 2 years ago #

    Wonder how could nobody be aware of & patch this flaw, published since January 2012?
    http://www.exploit-db.com/exploits/18417/

    I guess it has started to attack & is in action now...

    Please backup your database, before it's too late..

  2. digitallica
    Member
    Posted 2 years ago #

    I have several databases for a few different WordPress websites destroyed.. since yesterday. Completely unrecoverable.. Still checking for existing backups..

  3. esmi
    Forum Moderator
    Posted 2 years ago #

    There is nothing in there that hasn't been dealt with already.

  4. digitallica
    Member
    Posted 2 years ago #

    esmi, you're sure? I have one with version 3.3.1 whose database is damaged..

  5. esmi
    Forum Moderator
    Posted 2 years ago #

    Yes. That's an old report.

  6. fonglh
    Member
    Posted 2 years ago #

    The "flaw" mentioned only applies to new setups where the files are uploaded but the installation steps haven't been completed. The concern is that someone could then hijack the install and point it to their own database.

    It has nothing to do with your existing sites.

  7. digitallica
    Member
    Posted 2 years ago #

    That's not fully true. I have a website running 3.3.1 where the mysql database was wrecked & completely damaged.. No physical files were changed..

    I found the error log was very big (about 46 MB). I have a strong but only 8-character-long mysql password. What attack could cause this damage?

  8. esmi
    Forum Moderator
    Posted 2 years ago #

    Hard to say in hindsight but a mysql server issue could have mangled your database.

  9. digitallica
    Member
    Posted 2 years ago #

    Actually I had many WP websites (various versions) with damaged databases.

    I learned that on other websites with longer mysql passwords (16 chars, even 32 - yes I have a phobia), the damage did not materialize.

  10. esmi
    Forum Moderator
    Posted 2 years ago #

    Damage that is purely limited to the database on multiple sites with the same hosts is far more likely to have come about from a mysql server issue than a hack via WordPress.

  11. esmi
    Forum Moderator
    Posted 2 years ago #

    Oh - that's an excellent article!

  12. fonglh
    Member
    Posted 2 years ago #

    @digitallica

    The link you posted is about the possibility of a site being hijacked by someone who completes the install process for you. Unless you have sites which were mysteriously set up for you and you don't know where that database is, this issue does not apply.

    It is more likely that the problem lies elsewhere. Perhaps you can check with your hosts about this.
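
An added example, not part of the original thread: a way to check a server for the condition fonglh describes in posts 6 and 12, WordPress files uploaded but no `wp-config.php` written yet. It covers only the missing-config case; the directory names and the sample tree are constructed for illustration.

```python
import os
import tempfile

CORE_DIRS = {"wp-admin", "wp-includes", "wp-content"}

def has_config(wp_dir):
    """wp-config.php in the install directory, or one level up when that
    parent is not itself a WordPress install (the lookup WordPress performs)."""
    if os.path.isfile(os.path.join(wp_dir, "wp-config.php")):
        return True
    parent = os.path.dirname(os.path.abspath(wp_dir))
    return (os.path.isfile(os.path.join(parent, "wp-config.php"))
            and not os.path.isfile(os.path.join(parent, "wp-settings.php")))

def find_unfinished_installs(root):
    """Return paths (relative to root) holding WordPress core files but no
    wp-config.php, so the setup screen is open to the first visitor."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        setup = os.path.join(dirpath, "wp-admin", "setup-config.php")
        if "wp-load.php" in filenames and os.path.isfile(setup):
            if not has_config(dirpath):
                hits.append(os.path.relpath(dirpath, root))
            # Skip core directories but keep walking: installs can be nested.
            dirnames[:] = [d for d in dirnames if d not in CORE_DIRS]
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample web root: a finished site, a site whose config sits
    one level up, and an upload that was never installed."""
    for rel in ("done/wp-load.php", "done/wp-config.php",
                "done/wp-admin/setup-config.php",
                "split/wp-config.php", "split/core/wp-load.php",
                "split/core/wp-admin/setup-config.php",
                "staging/wp-load.php", "staging/wp-admin/setup-config.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as webroot:
        build_sample_tree(webroot)
        for hit in find_unfinished_installs(webroot):
            print("unfinished install:", hit)
```

Any directory it reports should have its installation completed or its files removed from the web root.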

Topic Closed

This topic has been closed to new replies.
