A flaw in the latest version of Wordpress 2.3.3? / Wordpress 2.3.3 exploit in the wild?
According to smackdown.blogsblogsblogs.com, there is reportedly an unpatched flaw in the latest version of Wordpress (2.3.3).
The main symptom is the creation of a wp-content/1 directory that contains spam.
This one actually creates an entirely new directory, /wp-content/1/, and loads it full of spammy HTML files containing JavaScript redirects in them. You can see the number of affected blogs that Google has already indexed via this query: inurl:wp-content/1/
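A quick way to check a Wordpress install for the symptom described above is to look for unexpected subdirectories under wp-content and for HTML files that carry a JavaScript or meta-refresh redirect. The script below is an added example, not code from the original post or from Wordpress; the sample directory tree it scans is constructed in a temporary folder, and the redirect patterns and the list of "known" wp-content subdirectories are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Redirect constructs commonly found in injected spam pages (assumed patterns).
REDIRECT_PATTERNS = [
    re.compile(r"(window\.|document\.)?location(\.href)?\s*=", re.I),
    re.compile(r"location\.replace\s*\(", re.I),
    re.compile(r'<meta[^>]+http-equiv=["\']?refresh', re.I),
]

# Subdirectories a stock wp-content is expected to hold (assumption).
KNOWN_DIRS = {"plugins", "themes", "uploads", "upgrade", "languages"}


def scan_wp_content(wp_content):
    """Return (kind, relative_path) findings for a wp-content directory."""
    root = Path(wp_content)
    findings = []
    # 1. Any top-level directory that is not part of a normal install (e.g. "1").
    for child in sorted(root.iterdir()):
        if child.is_dir() and child.name not in KNOWN_DIRS:
            findings.append(("unexpected_dir", child.relative_to(root).as_posix()))
    # 2. Any HTML file, anywhere below wp-content, containing a redirect.
    for html in sorted(root.rglob("*.htm*")):
        text = html.read_text(errors="replace")
        if any(p.search(text) for p in REDIRECT_PATTERNS):
            findings.append(("js_redirect", html.relative_to(root).as_posix()))
    return findings


def build_sample_tree(base):
    """Constructed sample wp-content mimicking the infection described in the post."""
    root = Path(base) / "wp-content"
    (root / "plugins").mkdir(parents=True)
    (root / "uploads").mkdir()
    (root / "uploads" / "photo.html").write_text("<html><body>Holiday photo</body></html>")
    (root / "1").mkdir()
    (root / "1" / "cheap-pills.html").write_text(
        '<html><script>window.location="http://spam.example.invalid/";</script></html>'
    )
    return root


def demo():
    """Build the constructed tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_wp_content(build_sample_tree(tmp))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind}: wp-content/{path}")
```

Run it against a real install with `scan_wp_content("/path/to/wp-content")`; a hit on an unexpected directory or a redirecting HTML file is a reason to compare the site against a clean copy of the release.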
According to l'idiot du village, these would simply be out-of-date Wordpress installs that were infected and then upgraded. They would have kept not the flaws themselves but a way in (a password, for example) for the attacker to compromise the installation again. Or the upgrades were done carelessly.
So far, these experiences suggest to me that any vulnerabilities that existed in previous versions are rectified in 2.3.3 and that done properly (reading the directions) an upgrade to 2.3.3 along with immediately changing any administrator passwords, and switching up the cookies solves any of those previous issues. In other words, those of you using 2.3.3 that are still seeing spam injections in your posts — you are not managing your upgrades the way I would.
