Script kiddies


It seems there is a vulnerability in the wp-css-compress Word Press plugin. Luckily I don’t have this installed and tend not to use any plugins for this reason. However I have had numerous attempts to exploit this vulnerability against this site, including today from a little script kiddy trying to proxy via the Netherlands.

You will see the exploit in your logs looking something like: -

/wp-content/plugins/wp-css/wp-css-compress.php?f=../../../../../../../../etc/passwd

Clearly the developer that wrote wp-css-compress doesn’t stop attempts to move out of the web accessible directory and into the etc folder to pull back the system passwd file which will contain the user-names of users on the server making a brute force attack over SSH much more likely to succeed.

So ensure you disable this plugin and keep an eye on your eyes for this kind of activity, and while your at it why not install mod security it defeats a lot of the pleb level hacking you see on a regular bases.


Tags: , , ,

This entry was posted on Sunday, February 12th, 2012 at 1:25 am and is filed under Technical. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  1. WordPress Plugin With Publicly Known Vulnerability Remained in Plugin Directory For Six Months - Web Security Blog | White Fir Design says:
    March 12, 2012 at 10:40 pm

    [...] to take a look if there was more information about the vulnerability available. We first found a post from someone who had also had recent attempts to exploit the vulnerability on their website. We [...]

    Reply

Leave a Reply