WordPress.org


Exploit in Twentyten author.php ?

  • Hi there,

    I got an abuse report and I checked my logs etc.

    I stumbled upon the following:

    63… – – [13/] “GET /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 438 “-” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13/] “GET /favicon.ico HTTP/1.1” 404 309 “-” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13/] “POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 4697 “http://host.com/wordpress/wp-content/themes/twentyten/author.php” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13/] “POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 3597 “http://host.com/wordpress/wp-content/themes/twentyten/author.php” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13] “POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 3668 “http://host.com/wordpress/wp-content/themes/twentyten/author.php” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13] “GET /smtp.php HTTP/1.1” 200 1725 “-” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13] “POST /smtp.php HTTP/1.1” 200 2797 “http://lufti.lowrater.de/smtp.php” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13] “POST /smtp.php HTTP/1.1” 200 2842 “http://lufti.lowrater.de/smtp.php” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    63… – – [13] “POST /smtp.php HTTP/1.1” 200 2840 “http://lufti.lowrater.de/smtp.php” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1”
    .
    .
    .

    In author.php, the first line contained some code that definitely does not belong there (I removed the whole page, but if you want I can access it via Bacula), and this created smtp.php.

    Is this familiar?

    Thanks & Cheers,
    Thomas
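
The pattern in the log excerpt above (a successful direct POST to a theme template, then requests to a PHP file outside the theme), written as a log check. This is an added example, not part of the original thread; the sample log lines, IP addresses and the function name `find_suspects` are constructed for illustration and assume the Apache/nginx combined log format.

```python
import re

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Theme templates are included by WordPress itself; clients do not normally
# request them directly, and a POST that returns 200 deserves a look.
DIRECT_RE = re.compile(r'/wp-content/themes/.+\.php$')

def find_suspects(lines):
    """Map client IP -> theme PHP files it POSTed to directly, plus any other
    PHP scripts the same client fetched successfully afterwards."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if status != "200" or not path.endswith(".php"):
            continue
        if method == "POST" and DIRECT_RE.search(path):
            entry = hits.setdefault(ip, {"direct_posts": [], "followup_php": []})
            bucket = entry["direct_posts"]
        elif ip in hits:
            bucket = hits[ip]["followup_php"]  # candidate dropped files
        else:
            continue
        if path not in bucket:
            bucket.append(path)
    return hits

# Constructed sample lines (documentation IP ranges, made-up timestamps).
T = "/wordpress/wp-content/themes/twentyten/author.php"
SAMPLE = [
    f'203.0.113.5 - - [01/Jan/2020:10:00:01 +0000] "GET {T} HTTP/1.1" 200 438 "-" "UA"',
    '203.0.113.5 - - [01/Jan/2020:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 309 "-" "UA"',
    f'203.0.113.5 - - [01/Jan/2020:10:00:09 +0000] "POST {T} HTTP/1.1" 200 4697 "-" "UA"',
    f'203.0.113.5 - - [01/Jan/2020:10:00:15 +0000] "POST {T} HTTP/1.1" 200 3597 "-" "UA"',
    '203.0.113.5 - - [01/Jan/2020:10:01:00 +0000] "GET /smtp.php HTTP/1.1" 200 1725 "-" "UA"',
    '203.0.113.5 - - [01/Jan/2020:10:01:05 +0000] "POST /smtp.php HTTP/1.1" 200 2797 "-" "UA"',
    '198.51.100.7 - - [01/Jan/2020:10:02:00 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 200 900 "-" "UA"',
]

if __name__ == "__main__":
    for ip, found in find_suspects(SAMPLE).items():
        print(ip, found)
```

Paths reported under `followup_php` should be compared against a clean copy of the WordPress release and the site's backups to identify files that were dropped onto the server.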

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Exploit in Twentyten author.php ?’ is closed to new replies.