OSVDB Blog and WordPress - Discovered In the Wild Category at Work

Just a couple of days ago, OSVDB added a new classification, Discovered In the Wild, based on some suggestions by Pete Lindstrom (Spire Security Viewpoint).

Now, we get the "0-day Can Happen to Anyone" post. The OSVDB WordPress blog was being hacked by SEO spammers who edited spam content directly into the posts. Apparently the blog was being exploited by a real-life, discovered in the wild, 0-day: 41136: WordPress XML-RPC xmlrpc.php Unauthenticated Post Modification.

For reference, the links I saw were:

<noscript>Courtney scott a <a href="http://groups.google.com/group/lynn5052/web/cricket-ringtones">cricket ringtones</a> is not.</noscript>

<noscript>Wiederum im Uhrzeigersinn <a href="http://www.kasino007.de">gratis casinospiele</a> jeder Boxinhaber dann sein Online Blackjack Blatt zu Ende.</noscript>

Interesting stuff.
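One way to sweep stored post bodies for the pattern in the two snippets above, off-site links wrapped in noscript elements. This is an added example, not code from OSVDB or WordPress; the post ids, the hosts and the own_hosts allow-list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class NoscriptLinkFinder(HTMLParser):
    """Collect href values of <a> tags that sit inside <noscript> elements."""
    def __init__(self):
        super().__init__()
        self.depth = 0   # > 0 while inside <noscript>; an unclosed tag stays open
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
        elif tag == "a" and self.depth:
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1

def hidden_links(body, own_hosts=frozenset()):
    """Return (host, href) for each off-site link hidden inside <noscript>."""
    finder = NoscriptLinkFinder()
    finder.feed(body)
    finder.close()
    found = []
    for href in finder.hrefs:
        try:
            host = (urlsplit(href).hostname or "").lower()
        except ValueError:   # malformed URL: report it rather than skip it
            host = "?"
        if host and host not in own_hosts:   # relative links have no host
            found.append((host, href))
    return found

def audit(posts, own_hosts=frozenset()):
    """posts maps post id -> stored HTML body; only flagged posts are returned."""
    return {pid: links for pid, body in posts.items()
            if (links := hidden_links(body, own_hosts))}

# Constructed sample posts (hypothetical ids and hosts), shaped like the snippets above.
SAMPLE_POSTS = {
    101: 'New entries. <noscript>Filler <a href="http://groups.spam.example/web/ringtones">ringtones</a> text.</noscript>',
    102: '<p>Update.</p><NOSCRIPT>x <a href="HTTP://WWW.Casino.Example">spiele</a> y.</NOSCRIPT>',
    103: '<p>See <a href="http://vendor.example/advisory">the advisory</a>.</p>',
    104: '<noscript><a href="/about">About</a> <a href="http://blog.example/feed">feed</a></noscript>',
}
```

Calling audit(SAMPLE_POSTS, {"blog.example"}) flags posts 101 and 102 only; a visible link (103) and a noscript block that points at the blog's own host (104) are left alone.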

Posted by gfleischer on 2008/02/14 at 00:06 in 0wned
