1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

0-Day Wordpress Vulnerability...

Discussion in 'BlackHat Lounge' started by akacash, May 11, 2015.

  1. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    839
    Likes Received:
    618
    Location:
    The Beach, USA
    Just thought I'd give you guys a heads up on this since I know a lot of ppl here use Wordpress. The following is an except from an email I received.
     
  2. archon10

    archon10 BANNED BANNED

    Joined:
    Oct 10, 2011
    Messages:
    1,181
    Likes Received:
    1,667
    lmao WordPress users.

    Enjoy your hacked sites.
     
  3. Apricot

    Apricot Administrator Staff Member

    Joined:
    Mar 26, 2013
    Messages:
    12,564
    Likes Received:
    7,974
    Gender:
    Female
    Occupation:
    BHW Moderator
    Location:
    the clacks
    Home Page:
    I'm always surprised by how many people don't harden their installs. Seen multiple sites with hidden pharma links lately and admins have no idea they're even there.
     
    • Thanks Thanks x 1
  4. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    871
    Likes Received:
    3,292
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
  5. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Joined:
    Oct 23, 2014
    Messages:
    754
    Likes Received:
    1,732
    Because wordpress doesn't really come out with it out of the box, so many installers choose to use the default wp_ as well as display the admin name you chose instead of having them different from the installation.

    Most wordpress users aren't really tech savvy or they don't have the time to do some hardening of it.