Support » Everything else WordPress » WordPress exploitation toolkit on milw0rm

Viewing 7 replies - 1 through 7 (of 7 total)
  • whooami

    (@whooami)

    Member

    Maybe that will spur on some upgrades.

    Jeremy Clark

    (@jeremyclark13)

    Member

    No just more questions here about my blog has been hacked I’m using version 1.5 your code sucks. Lol

    I am on WP 2.3 already. Fingers crossed.

    What does it actually do?

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    It’s a sort of automated exploit thing to determine the version of WordPress a site is running and attempt to break into it automatically using known exploits.

    If you’re running 2.2.3, you have no issues here, this doesn’t have any exploits in it for that version.

    whooami

    (@whooami)

    Member

    otto, did you happen to notice the error thats present in one of the version checking operations?

    I almost hate to mention it here since he/they will undoubtedly see the linkback to it in this post, and if he/they read this, it might be/will be corrected.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Yeah, I spotted that too. I’d not mention it. Let them figure it out.

    For everybody else, note that this scriptkiddy code is capable of a major exploit for WordPress 2.2.2, once they work the kinks out. The bug is fixed in 2.2.3.

    If you’re running WordPress 2.1 and up, update to 2.2.3 right now.
    Failure to do so will likely get your site hacked.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘WordPress exploitation toolkit on milw0rm’ is closed to new replies.