WP hack?
- 17 Responses
- ********
http://ecc-expo.com/wp-includes/…...
any wordpress site with the following:
/wp-includes/js/swfupload/swfupl...
click on undefined..
is this exploitable?
fix would be:
find -name "swfupload.swf" -exec chmod 600 {} \;
- ********0
http://ecc-expo.com/wp-includes/js/swfupload/sw...
- ********0
http://ecc-expo.com/wp-includes/js/swfupload/swfupload.swf
- ********0
<files swfupload.swf>
order allow,deny
deny from all
</files>
- yea i got that, but i mean this applies to how many fucking wordpress sites in the world?********
- at my best knowledge this crap was fixed years ago, you got some issues with it recently?********
- the latest update caused the hole to open up, i had 22 sites hacked********
- geez the one what released few days ago?********
- are you sure that this was used?********
- i'm still investigating this actually********
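The chmod and .htaccess fixes posted above, folded into one script as an added example (not code from anyone in this thread): it walks a WordPress docroot, drops a deny block beside every swfupload.swf that lacks one, and has a check you can run afterwards. It assumes Apache with AllowOverride enabled; the hypothetical function names are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. Hardens every swfupload.swf under a
# WordPress document root with the same .htaccess deny block the post above
# shows (plus the Apache 2.4 "Require" form), and reports what changed.
# Assumes Apache honours .htaccess (AllowOverride) under the docroot.
# Caveat on the chmod 600 fix: it only keeps the web server out if the
# web server user does not own the file, which on many shared hosts it does.
# A web-server-level deny works regardless of ownership.

# Exit 0 if the directory holding $1 already has a deny rule for swfupload.swf.
swfupload_protected() {
  ht="$(dirname "$1")/.htaccess"
  [ -f "$ht" ] && grep -qi 'swfupload\.swf' "$ht"
}

# Walk $1 and append a deny block beside every swfupload.swf that lacks one
# (core copy in wp-includes and any copies bundled by plugins or themes).
harden_swfupload() {
  find "$1" -type f -name 'swfupload.swf' -print | while IFS= read -r swf; do
    if swfupload_protected "$swf"; then
      echo "already protected: $swf"
      continue
    fi
    cat >> "$(dirname "$swf")/.htaccess" <<'EOF'
# block direct requests to the legacy Flash uploader
<Files "swfupload.swf">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>
EOF
    echo "protected: $swf"
  done
}
```

Run it as `harden_swfupload /var/www/example` and re-run `swfupload_protected` on any path you want to double-check; the script is idempotent, so a second pass only reports.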
- ********0
pockets, your site is an easy target.
check your setup, and if it's possible use wordfence pls.
- ********0
dumped in wordfence, saved all 22 sites, i lost a phpbb forum but it was trash anyways
- ecc isn't my site, i just noticed more mainstream sites have this issue also********
- oooh okay :D********
- ********0
https://www.angrybirds.com/wp-includes/js/swfupload/swfupload.swf
- ********0
dumped in wordfence? I'm a little drunk pls explain
just a few things:
<meta name="generator" content="WordPress 4.5.3" />
<meta name="generator" content="WooCommerce 2.6.1" />
http://*/readme.html
and why is?
<script type='text/javascript' src='http://*.com/wp-includes/js/plupload/plupload.full.min.js?ver=2.1.8'></script>
- ********0
slowly but got it, was a bit confusing admit it :)
- BabySnakes0
making me worried about updating. is this wp core related or a plugin exploit?
- fadein110
Not sure about this but all my sites have been doing an auto update over last couple of days, is it to do with this?
- ********0
https://packetstormsecurity.com/files/121348/SWFUpload-CSRF-XSS-Object-Inject...
- fuck you qbn********
- this was used?********
- yes********
- dump that into swfupload.swf********
- yes i'm doing that, just had to setup a sandbox********
- noneck0
So clicking on Undefined brings up the file select dialog, but it won't upload anything. Not sure how this is a vulnerability.
I'm guessing a different vector was used on your hacked sites.
- yea, no files are being uploaded but i assume you can send an exploit through********
- Maybe I'm missing something? I tried uploading files with that swf, but couldn't get anything going.noneck
- fadein110
Yep - just been on WP security blog - no mention of this
- ********1
- if a user is active you can exploit?********
- yes there is a chance.
you don't have to be admin to do this, just a simple subscriber level is enough.********
- but I was unable to get through the admin-ajax.php so I can't say for sure that this was your problem...********
- ********1
pockets is this still a thing?
- nah. fixed all my sites.. its all good********
- flash is dead i dunno why this shit is built in********
- me neither, should be some stupid fallback for old plugins. got a bit worried, because quite a lot of sites were updated in the past days :)********
