WordPress.org

FireStorm Professional Real Estate Plugin
[resolved] IMPORTANT FOR THE DEVELOPER - SECURITY EXPLOIT (2 posts)

  1. Jon taylor
    Member
    Posted 2 years ago #

    An exploit has been discovered. I have been running this version of the plugin and have been hacked twice in as many weeks. I have gone through my logs and found the source of the exploit is via the marker_listings.xml.

    After a quick search on Google, I found this.

    http://dl.packetstormsecurity.net/1211-exploits/wpfirestormrealestate-sql.txt

    Hope that's of some help in getting this hole plugged up.

    http://wordpress.org/extend/plugins/fs-real-estate-plugin/

  2. FireStorm Plugins
    Member
    Plugin Author

    Posted 2 years ago #

    Hello, what version were you running when you were hacked? Have you upgraded to the latest version?

    The link says this exploit is for version 2.06.08; however, I don't see how this is possible. That version includes a check (which is also displayed on that link) that checks to make sure the ID is numeric. If they try to inject any text to exploit/hack your website, it stops the page from loading as a security feature. There is also a secondary check to watch for any SQL injections in the plugin where the user tries to access the wp_users cell.

    In a nutshell, if running version 2.06.08, this hack should not work.

    Hope that helps!

    Wes

Topic Closed

This topic has been closed to new replies.
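
For anyone doing the kind of log review the first post describes, the sketch below flags requests to marker_listings.xml whose ID value is not purely numeric or that mention wp_users. It is an added example, not code from the plugin or from either poster; the parameter name `id`, the `/PLUGIN-PATH/` prefix and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Matches the client IP, request target and status of a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
ENDPOINT = "marker_listings.xml"  # file named in the thread
ID_PARAM = "id"                   # assumed parameter name, not given on the page

# Constructed sample lines (placeholder path, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2013:10:00:00 +0000] "GET /PLUGIN-PATH/marker_listings.xml?id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2013:10:00:05 +0000] "GET /PLUGIN-PATH/marker_listings.xml?id=42%20and%20wp_users HTTP/1.1" 200 98',
    '203.0.113.9 - - [01/Jan/2013:10:00:09 +0000] "GET /PLUGIN-PATH/marker_listings.xml?id=4e2 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2013:10:00:11 +0000] "GET /index.php?id=abc HTTP/1.1" 200 1024',
]

def classify(line):
    """Return (ip, status, reasons) for a suspicious hit on the endpoint, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None  # not a parseable access-log line
    url = urlsplit(m["target"])
    if not url.path.endswith("/" + ENDPOINT):
        return None  # some other resource
    reasons = []
    # parse_qsl percent-decodes values, so encoded spaces and quotes are seen as-is.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Digits only: values such as "4e2" or "42 and ..." count as non-numeric here.
        if name.lower() == ID_PARAM and not re.fullmatch(r"[0-9]{1,10}", value):
            reasons.append("non-numeric id")
        if "wp_users" in value.lower():
            reasons.append("wp_users reference")
    if not reasons:
        return None
    # dict.fromkeys de-duplicates while keeping first-seen order.
    return (m["ip"], int(m["status"]), ", ".join(dict.fromkeys(reasons)))

def suspicious(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, status, why in suspicious(SAMPLE_LOG):
        print(f"{ip} status={status} {why}")
```

A flagged request that returned a normal 200 response with a body is the one to look at first, since it suggests the page loaded despite the non-numeric value.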