Comments on: Nice Exploit Code I Found in my Wordpress http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/ The third attempt Wed, 19 Nov 2008 22:48:18 +0000 http://wordpress.org/?v=2.7-almost-beta-9300 hourly 1 By: My Wordpress Blog Got Hacked Right Next To Matt Mullenweg : Purposeinc http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71507 My Wordpress Blog Got Hacked Right Next To Matt Mullenweg : Purposeinc Tue, 08 Apr 2008 08:14:51 +0000 http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71507 [...] looked over to my right, and there was Dave Dellanave, Shoemoney’s ace programmer sitting 3 feet across the isle from me banging away on the keys creating fighters.com their new [...] [...] looked over to my right, and there was Dave Dellanave, Shoemoney’s ace programmer sitting 3 feet across the isle from me banging away on the keys creating fighters.com their new [...]

]]> By: Mike Peters http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71414 Mike Peters Tue, 11 Mar 2008 15:21:28 +0000 http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71414 So true :-) So true :-)

]]> By: david http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71413 david Tue, 11 Mar 2008 15:02:26 +0000 http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71413 If you run Windows ;) If you run Windows ;)

]]> By: Mike Peters http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71412 Mike Peters Tue, 11 Mar 2008 14:42:27 +0000 http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71412 This code got sql injected into your wp_posts. Make sure you upgrade to the 2.3.2 version of WordPress: http://wordpress.org/support/topic/151888 What it does is attempt to install a VBS malware on your machine using an xmlrpc exploit in older versions of WordPress. Look for something like this in your server logs - 200.216.67.181 - - [28/Jan/2008:13:10:54 -0500] "POST /xmlrpc.php HTTP/1.0" Once you view the post, you're infected - the VBS code will be installed and you're going to need to run NOD32 or AVG to clean it up This code got sql injected into your wp_posts.

Make sure you upgrade to the 2.3.2 version of WordPress:
http://wordpress.org/support/topic/151888

What it does is attempt to install a VBS malware on your machine using an xmlrpc exploit in older versions of WordPress.

Look for something like this in your server logs -

200.216.67.181 - - [28/Jan/2008:13:10:54 -0500] “POST /xmlrpc.php HTTP/1.0″

Once you view the post, you’re infected - the VBS code will be installed and you’re going to need to run NOD32 or AVG to clean it up

]]> By: david http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71410 david Mon, 10 Mar 2008 19:20:23 +0000 http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71410 Yeah thats a start but it will take a bit more work to figure out exactly what it does. Yeah thats a start but it will take a bit more work to figure out exactly what it does.

]]> By: Josh http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71409 Josh Mon, 10 Mar 2008 18:33:07 +0000 http://www.dellanave.com/blog/2008/03/10/nice-exploit-code-i-found-in-my-wordpress/#comment-71409 Try this out for a fellow lazy bum. :-) Allows you to cut and paste encoded/decoded stuff for javascript. http://www.the-art-of-web.com/javascript/escape/ Try this out for a fellow lazy bum. :-)

Allows you to cut and paste encoded/decoded stuff for javascript.

http://www.the-art-of-web.com/javascript/escape/

]]>