Arbitrary File Upload Vulnerability / Exploit?

  • Hello, folks.
    Here’s something from a total beginner with WordPress and no guru with coding and programming:

    I’ve just installed WordPress 2.7.1 locally, based on a Wamp Server install in WinXp. Playing around in the settings, I noticed the following message in the Dashboard, under Incoming Links:

    Buyacorp linked here saying, ” Exploit http://localhost/wp/?attachment_id=49 S …””

    The word “saying” was a link (as I formatted it above). The “http://localhost…” was plain text. Buyacorp, bolded. “wp” is the name of the folder where I installed WordPress locally.

    I visited the link under “saying” and it’s Spanish, which I don’t speak. I googled a bit and came up with this. Here it states, the bug was fixed with the changeset 5765 but I guess it was not.

    I quickly disconnected the Wamp Server. 🙂

    Any suggestions? Any fixes?
    Many thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • I have dozens of local installs all containing various incoming links. They’re not referring to your install. Localhost is exclusive to your machine. 🙂

    Thanks LenK for the response.

    I don’t quite get it. I know localhost is referring strictly to my pc, but I still don’t see how the heck did the “incoming link” get there, in the Dashboard. Does WordPress.org put random dummy (incoming) links in their install files? Or did someone, somewhere, somehow link to my “local” blog and then it’s problem? 🙂

    Yeah, I’ve got the same thing happening on my install as well. I don’t think it’s related to your computer specifically but perhaps WP is sharing links from other WP installs that point to http://localhost/whatever/ then shares them on every machine that has http://localhost as their domain.

    Just a guess. Don’t think it’s something to be worried about from a security standpoint but I think that some people may be concerned about the privacy issues involved. Perhaps they are using a local install of WP to keep a private diary or something…

    Aaron

    I have a blog that is not on localhost anymore though I used it previously as a localhost website. Now it has a domain name with DNS and all. Why does it still show links from localhost like http://localhost/whatever?ref= ??

    And they have been there for 3 odd months now, and strangely the blog has so many backlinks even listed in Google.
