Thread: Free Wordpress EXPLOIT remove utility here
View Single Post
Old 06-06-2008, 08:23 AM  
just a punk
So fuckin' bored
 
just a punk's Avatar
 
Industry Role:
Join Date: Jun 2003
Posts: 32,388
Quote:
Originally Posted by fluffygrrl View Post
It's not really a vulnerability per se.

Upon installing a new template, you grant code in there same rights as the wp package. An infected template then alters the p_footer() hook, wp_head() hook or both, ads some entries in a bogus wp_options entrace in the options table, and voila. You're infected.

Moral is, never install code you haven't read. Don't be shy to crack "protected" stuff, especially if it's widgets, templates and the like.
Aha, so it's done by trojaned templates. One more reason so say: "free stuff is not always good and to always secure".
__________________
Obey the Cowgod
just a punk is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote