newexpl.php Exploit
-
My WordPress site this morning was attempting to download the above named file when I viewed it. It turns out somebody had placed some javascript on all the php pages that were chmod 666 and that javascript was attempting to load a php page that would install spyware.
Acouple of things to note.
1. I’m a dumbass for leaving pages set to chmod 666. However, since WP specifically suggests that setting to edit templates with the editor, I suspect I’m not the only dumbass out there. The papges were changed yesterday.
2. Thank you Firefox for not auto installing the spyware 🙂
3. Not much on Google about that page yet – not even sure if this is specific to WP, or any php page set to chmod 666. However, since a lot of lazy users like me probably have pages set at 666, it is likely to hit WP users.
- The topic ‘newexpl.php Exploit’ is closed to new replies.