WordPress.org

Forums

FireStorm Professional Real Estate Plugin
[resolved] IMPORTANT FOR THE DEVELOPER - SECURITY EXPLOIT (2 posts)

  1. Jon taylor
    Member
    Posted 2 years ago #

    An exploit has been discovered. I have been running this version of the plugin and have been hacked twice in as many weeks. I have gone through my logs and found the source of the exploit is via the marker_listings.xml.

    After a quick search on Google, I found this.

    http://dl.packetstormsecurity.net/1211-exploits/wpfirestormrealestate-sql.txt

    Hope that's of some help in getting this hole plugged up.

    http://wordpress.org/extend/plugins/fs-real-estate-plugin/

  2. FireStorm Plugins
    Member
    Plugin Author

    Posted 2 years ago #

    Hello, what version were you running when you were hacked? Have you upgraded to the latest version?

    The link says this exploit is for version 2.06.08; however, I don't see how this is possible. That version includes a check (which is also displayed on that link) that checks to make sure the ID is numeric. If they try to inject any text to exploit/hack your website, it stops the page from loading as a security feature. There is also a secondary check to watch for any SQL injections in the plugin where the user tries to access the wp_users cell.

    In a nutshell, if running version 2.06.08, this hack should not work.

    Hope that helps!

    Wes
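
One way to implement the kind of ID check discussed in this thread, as an added example that is not the plugin's own code and is not taken from either post. It goes one step beyond a "numeric" test by accepting only plain decimal digits and then binding the value as a query parameter; the function, table and column names are hypothetical, and the sample data and inputs are constructed.

```php
<?php
// Added example: strict ID validation plus a bound parameter.
// Table, column and function names are hypothetical, not the plugin's.

/** Return the ID as a positive int, or null unless $raw is 1-9 decimal digits. */
function parse_listing_id($raw): ?int
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look up one listing; returns null for a rejected ID or a missing row. */
function fetch_listing(PDO $db, $raw): ?array
{
    $id = parse_listing_id($raw);
    if ($id === null) {
        return null; // rejected before any SQL is built
    }
    // The value is bound, never concatenated into the statement. Inside
    // WordPress the equivalent is $wpdb->prepare('... WHERE id = %d', $id).
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO listings VALUES (7, '12 Example Street')");

// Constructed inputs: is_numeric() accepts several of these,
// the strict parser accepts only the first.
foreach (['7', '7.0', '1e1', ' 7', '+7', '7abc', ''] as $raw) {
    $row = fetch_listing($db, $raw);
    printf("%-8s is_numeric=%-5s result=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        $row === null ? 'rejected' : $row['title']);
}
```

With the value validated as an integer and bound as a parameter, the query does not depend on a keyword filter such as a match on a table name.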

Topic Closed

This topic has been closed to new replies.
