WordPress exploitation toolkit on milw0rm

  • whooami
    Member

    @whooami

    Maybe that will spur on some upgrades.

    Jeremy Clark
    Member

    @jeremyclark13

    No, just more questions here about “my blog has been hacked, I’m using version 1.5, your code sucks”. Lol

    Root
    Member

    @root

    I am on WP 2.3 already. Fingers crossed.

    Bodhipaksa
    Member

    @haecceity

    What does it actually do?

    Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    It’s a sort of automated exploit thing to determine the version of WordPress a site is running and attempt to break into it automatically using known exploits.

    If you’re running 2.2.3, you have no issues here, this doesn’t have any exploits in it for that version.

    whooami
    Member

    @whooami

    Otto, did you happen to notice the error that’s present in one of the version checking operations?

    I almost hate to mention it here since he/they will undoubtedly see the linkback to it in this post, and if he/they read this, it might be/will be corrected.

    Samuel Wood (Otto)
    WordPress.org Tech Dude

    @otto42

    Yeah, I spotted that too. I’d not mention it. Let them figure it out.

    For everybody else, note that this script kiddie code is capable of a major exploit for WordPress 2.2.2, once they work the kinks out. The bug is fixed in 2.2.3.

    If you’re running WordPress 2.1 and up, update to 2.2.3 right now.
    Failure to do so will likely get your site hacked.
