Andre Dublin
Forum Replies Created
Forum: Everything else WordPress
In reply to: [TimThumb Vulnerability] iframe hack
Correction on my last couple of posts: I have found it also to be the l10n.js file located at http://sitename.com/wp-includes/js/l10n.js?ver20101110
Here is the malware report: http://sucuri.net/malware/malware-entry-mwjs2368
You can see it gets attached to the end of the JS file.
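An added example (not part of the original post, and not WordPress or Sucuri code): because the injected code is reported as attached to the end of the JS file, comparing each file against a clean copy of the same WordPress release separates pure appends from other changes. The directory layout, function names and sample file contents below are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def find_appended_code(clean_dir, live_dir, suffixes=(".js",)):
    """Compare live files with a clean reference copy of the same release.

    Returns {relative_path: (status, detail)} for every differing file:
      'appended'     - live file is the clean bytes plus extra trailing bytes
      'modified'     - content differs in some other way (detail = SHA-256)
      'unreferenced' - live file has no counterpart in the clean copy
    """
    clean_dir, live_dir = Path(clean_dir), Path(live_dir)
    findings = {}
    for live in sorted(live_dir.rglob("*")):
        if not live.is_file() or live.suffix not in suffixes:
            continue
        rel = live.relative_to(live_dir).as_posix()
        ref = clean_dir / rel
        if not ref.is_file():
            findings[rel] = ("unreferenced", "")
            continue
        good, data = ref.read_bytes(), live.read_bytes()
        if data == good:
            continue
        if len(data) > len(good) and data.startswith(good):
            # Keep only a short preview of the tail for the report.
            tail = data[len(good):].strip()[:80]
            findings[rel] = ("appended", tail.decode("utf-8", "replace"))
        else:
            findings[rel] = ("modified", hashlib.sha256(data).hexdigest())
    return findings

def demo():
    """Constructed sample trees: clean copy vs. a copy with a tail on l10n.js."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean", "js"), Path(tmp, "live", "js")
        clean.mkdir(parents=True)
        live.mkdir(parents=True)
        original = b"function sample(o) { return o; }\n"  # constructed content
        (clean / "l10n.js").write_bytes(original)
        (clean / "other.js").write_bytes(b"/* unchanged */\n")
        (live / "l10n.js").write_bytes(original + b"/* CONSTRUCTED-TAIL */\n")
        (live / "other.js").write_bytes(b"/* unchanged */\n")
        (live / "extra.js").write_bytes(b"/* not in the release */\n")
        return find_appended_code(Path(tmp, "clean"), Path(tmp, "live"))

if __name__ == "__main__":
    for path, (status, detail) in demo().items():
        print(f"{status:12} {path}  {detail}")
```

A file reported as `unreferenced` is not necessarily malicious; it only means the clean release has no file at that path, so it needs manual review.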
Forum: Everything else WordPress
In reply to: [TimThumb Vulnerability] iframe hack
Interestingly enough, after scanning my web site without the malicious code with http://sitecheck.sucuri.net/scanner/ (thanks solagirl, that's a great web tool), it passed. Then when I scanned another one of my infected web sites, it failed the test. Note that Typekit is also on the website that failed. So if this helps anyone in squashing this problem, Typekit might have some type of XSS problem.
Forum: Everything else WordPress
In reply to: [TimThumb Vulnerability] iframe hack
I’ve had a recent iframe injection attack on my web server. So far I’ve created a backup of my WordPress theme files and database, removed and installed the WordPress CMS platform, and I still had the iframe showing up on my site. Eventually I went through my config.php and many other PHP files that are frequently targeted. Deleted the config-sample.php (as usual) and eventually figured it is a JavaScript file. The only JavaScript that is on my website was a Typekit script, so when I disabled that the iframe went away. I am still testing the site to see if the malicious code is still present. Does anyone know of Typekit having some kind of XSS vulnerabilities?