tiff2342

Well-Known Member
Apr 20, 2012
In ref to:

/https://twitter.com/SolidSSecurity
/http://www.webhostingtalk.com/showthread.php?t=1195687

Anyone know if WP is safe?

tiff2342

Well-Known Member
Apr 20, 2012
Well, there apparently is an exploit out for the latest WP, but I'll just follow their Twitter to stay on top of things just in case.

tiff2342

Well-Known Member
Apr 20, 2012
All I've found is a cross-site, but they have logs of a shell being uploaded into the admin area via admin files on the latest WP install: /https://twitter.com/SolidSSecurity/status/251700021005791232

Infopro

Well-Known Member
May 20, 2003
Thank you for the link.

From the exploit itself for reference here:

Vuln Desc: WordPress Version 3.4.2 is vulnerable to Cross Site Request Forgery Vulnerability.
The following CSRF exploit will change the RSS link if the currently logged-in administrator visits a malicious page which contains the exploit below.
So, you need to have your wordpress admin page open and be logged in. And then click a link someone sends you, or you find online for this to be an issue. I think.

I would think @SolidSSecurity might try and convey this sort of message in 140 characters or less to be useful to its followers. Instead, he's been posting about it since Sept 27, with vague warnings.

And we have this thread.

Thanks again for the link. This sort of thing should be made clear to users who come across this thread.

kpmedia

Well-Known Member
Feb 13, 2011
So, you need to have your wordpress admin page open and be logged in. And then click a link someone sends you, or you find online for this to be an issue. I think.
No -- not based on the logs I've seen.

This is the log of a hacked site:
Code:
GET /wp-admin/ HTTP/1.1
GET /wp-admin/admin.php?page=stats&noheader&dashboard&width=574 HTTP/1.1
GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_incoming_links HTTP/1.1
GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_primary HTTP/1.1
POST /wp-admin/admin.php?page=stats&noheader&chart=flot-stats-data HTTP/1.1
GET /wp-admin/plugin-editor.php HTTP/1.1
GET /phpshell.php HTTP/1.1
That all happened within 3 minutes.

I don't know what was posted, however. In each case, the user altered things before I was called to the scene. And as you would guess, the users made things worse -- and covered the tracks of the hacker in the process.

This is rather easily thwarted by having decent security on the site. Unfortunately, most users just deploy the defaults, and do nothing other than add "security" plugins (NOT SECURITY!)

This happened back on 8/30, so an exploit is at least a month old now. :(
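As an added example (not code from any poster in this thread), here is a small Python checker that runs over constructed Apache-style access log lines modelled on the request sequence kpmedia quoted. It flags a client that opens the built-in plugin/theme editor and then, within a few minutes, successfully requests a top-level .php file that is not on a known allow-list. The client IPs, timestamps and the KNOWN_ROOT allow-list are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (combined log format), modelled on the quoted sequence.
# IPs and timestamps are made up; the second client is a benign control case.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Aug/2012:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120
203.0.113.5 - - [30/Aug/2012:10:01:10 +0000] "GET /wp-admin/admin.php?page=stats&noheader&dashboard&width=574 HTTP/1.1" 200 2048
203.0.113.5 - - [30/Aug/2012:10:02:30 +0000] "GET /wp-admin/plugin-editor.php HTTP/1.1" 200 9001
203.0.113.5 - - [30/Aug/2012:10:03:55 +0000] "GET /phpshell.php HTTP/1.1" 200 300
198.51.100.7 - - [30/Aug/2012:11:00:00 +0000] "GET /wp-admin/plugin-editor.php HTTP/1.1" 200 9001
198.51.100.7 - - [30/Aug/2012:12:30:00 +0000] "GET /index.php HTTP/1.1" 200 300
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)
# WordPress's in-dashboard file editors: a legitimate admin rarely needs them.
EDITORS = ("/wp-admin/plugin-editor.php", "/wp-admin/theme-editor.php")
# Assumed allow-list of .php files expected at the web root of this install.
KNOWN_ROOT = {"/index.php", "/wp-login.php", "/xmlrpc.php", "/wp-cron.php"}


def parse(line):
    """Return (ip, timestamp, path-without-query, status) or None for junk lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])


def find_editor_to_shell(log_text, window=timedelta(minutes=5)):
    """Flag (ip, editor_time, path) where a client used the file editor and then,
    within `window`, got a 200 for an unknown top-level .php file."""
    last_editor = {}   # ip -> time of most recent editor access
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        if path in EDITORS:
            last_editor[ip] = ts
            continue
        root_php = path.count("/") == 1 and path.endswith(".php") and path not in KNOWN_ROOT
        if root_php and status == 200 and ip in last_editor and ts - last_editor[ip] <= window:
            hits.append((ip, last_editor[ip], path))
    return hits
```

The same check can be pointed at a real log with `find_editor_to_shell(open(path).read())`; widen `window` if the editor and the first shell request are further apart.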