WordPress.org

Ready to get started?Download WordPress

Forums

WordPress exploitation toolkit on milw0rm (8 posts)

  1. linickx
    Member
    Posted 6 years ago #

  2. whooami
    Member
    Posted 6 years ago #

    Maybe that will spur on some upgrades.

  3. Jeremy Clark
    Moderator
    Posted 6 years ago #

    No just more questions here about my blog has been hacked I'm using version 1.5 your code sucks. Lol

  4. Root
    Member
    Posted 6 years ago #

    I am on WP 2.3 already. Fingers crossed.

  5. Bodhipaksa
    Member
    Posted 6 years ago #

    What does it actually do?

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    It's a sort of automated exploit thing to determine the version of WordPress a site is running and attempt to break into it automatically using known exploits.

    If you're running 2.2.3, you have no issues here, this doesn't have any exploits in it for that version.

  7. whooami
    Member
    Posted 6 years ago #

    otto, did you happen to notice the error thats present in one of the version checking operations?

    I almost hate to mention it here since he/they will undoubtedly see the linkback to it in this post, and if he/they read this, it might be/will be corrected.

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Yeah, I spotted that too. I'd not mention it. Let them figure it out.

    For everybody else, note that this scriptkiddy code is capable of a major exploit for WordPress 2.2.2, once they work the kinks out. The bug is fixed in 2.2.3.

    If you're running WordPress 2.1 and up, update to 2.2.3 right now.
    Failure to do so will likely get your site hacked.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags