1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

0-Day Wordpress Vulnerability...

Discussion in 'BlackHat Lounge' started by akacash, May 11, 2015.

  1. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    844
    Likes Received:
    622
    Location:
    The Beach, USA
    Just thought I'd give you guys a heads up on this since I know a lot of ppl here use Wordpress. The following is an except from an email I received.
     
  2. archon10

    archon10 BANNED BANNED

    Joined:
    Oct 10, 2011
    Messages:
    1,181
    Likes Received:
    8,223
    lmao WordPress users.

    Enjoy your hacked sites.
     
    • Thanks Thanks x 5
  3. Apricot

    Apricot Administrator Staff Member Moderator

    Joined:
    Mar 26, 2013
    Messages:
    13,483
    Likes Received:
    8,438
    Gender:
    Female
    Occupation:
    BHW Admin
    Location:
    Station 2E
    Home Page:
    I'm always surprised by how many people don't harden their installs. Seen multiple sites with hidden pharma links lately and admins have no idea they're even there.
     
    • Thanks Thanks x 1
  4. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    Joined:
    Apr 2, 2008
    Messages:
    884
    Likes Received:
    3,324
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
  5. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Joined:
    Oct 23, 2014
    Messages:
    754
    Likes Received:
    7,211
    Because wordpress doesn't really come out with it out of the box, so many installers choose to use the default wp_ as well as display the admin name you chose instead of having them different from the installation.

    Most wordpress users aren't really tech savvy or they don't have the time to do some hardening of it.