The MU forums have moved to

WP/WPMU admin.php expl0it of somekind? (2 posts)

  1. xiand0
    Posted 16 years ago #

    I get a whole lot of these in my logs right now - from numerous different IP adresses. - - [16/Aug/2007:13:58:19 -0400] "GET /2007/07/23/4/admin.php?page= HTTP/1.1" 403 957 "-" "libwww-perl/5.805" - - [16/Aug/2007:13:58:19 -0400] "GET /admin.php?page= HTTP/1.1" 403 957 "-" "libwww-perl/5.805" - - [16/Aug/2007:13:58:20 -0400] "GET /2007/07/23/admin.php?page= HTTP/1.1" 403 957 "-" "libwww-perl/5.805" - - [16/Aug/2007:13:58:20 -0400] "GET /2007/07/23/4/admin.php?page= HTTP/1.1" 403 957 "-" "libwww-perl/5.805" - - [16/Aug/2007:13:58:20 -0400] "GET /admin.php?page= HTTP/1.1" 403 957 "-" "libwww-perl/5.805" - - [16/Aug/2007:13:58:21 -0400] "GET /2007/07/23/admin.php?page= HTTP/1.1" 403 957 "-" "libwww-perl/5.805"

    Now, it must be mentioned that WPMU 1.2.4 does not comply with loading those external ?page= URLs and these "hacking" attempts (or whatever you call it) are just a waste of CPU/BW and annoying, not dangerous.

    But I thought I'd mention this anyway, since - and note that this is guesswork - this MAY be some exploit which works on some old(?) WP or WPMU version. I don't know. But it may be a good idea to check if your WPMU will load admin.php?page=http://external.tld/somepage url's and it'd be nice to clarify if there is any version of WP/WPMU where this actually works. This does not seem to work on my WPMU 1.2.4, but it does seem apparent that it works on SOME WP/WPMU version since these f**kheads keep on scanning to see if it works.

  2. drmiketemp
    Posted 16 years ago #

    I can't find it right off but it was one of the last security problems wordpress had. It was fixed in one of the 2.1.x upgrades though.

About this Topic

  • Started 16 years ago by xiand0
  • Latest reply from drmiketemp