OSVDB Blog and WordPress - Discovered In the Wild Category at Work
February 14th, 2008
Just a couple of days ago, OSVDB added a new classification, Discovered In the Wild, based on some suggestions by Pete Lindstrom (Spire Security Viewpoint).
Now we get the "0-day Can Happen to Anyone" post. The OSVDB WordPress blog was being hacked by SEO spammers who edited spam content directly into the posts. Apparently the blog was being exploited by a real-life, discovered-in-the-wild 0-day: 41136: WordPress XML-RPC xmlrpc.php Unauthenticated Post Modification.
For reference, the links I saw were:
<noscript>Courtney scott a <a href="http://groups.google.com/group/lynn5052/web/cricket-ringtones">cricket ringtones</a> is not.</noscript> <noscript>Wiederum im Uhrzeigersinn <a href="http://www.kasino007.de">gratis casinospiele</a> jeder Boxinhaber dann sein Online Blackjack Blatt zu Ende.</noscript>
Interesting stuff.
Posted by gfleischer on 2008/02/14 at 00:06 in 0wned
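The injected links quoted above are wrapped in noscript elements, so they stay out of sight for anyone browsing with JavaScript enabled. As an added example (not code from the original post or from OSVDB), the following scans stored post bodies for off-site links inside noscript; the function names, the blog.example host and the sample posts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class NoscriptLinkFinder(HTMLParser):
    """Collect href values of <a> tags that occur inside <noscript>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0   # number of currently open <noscript> elements
        self.hits = []   # hrefs seen while depth > 0

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
        elif tag == "a" and self.depth > 0:
            href = dict(attrs).get("href")
            if href:
                self.hits.append(href)

    def handle_endtag(self, tag):
        # An unclosed <noscript> keeps depth > 0, so later links are
        # still reported: over-reporting is the safer failure mode here.
        if tag == "noscript" and self.depth > 0:
            self.depth -= 1


def suspicious_links(post_html, own_hosts):
    """Return links inside <noscript> that point at hosts we do not own."""
    finder = NoscriptLinkFinder()
    finder.feed(post_html)
    finder.close()
    flagged = []
    for href in finder.hits:
        host = (urlparse(href).hostname or "").lower()
        if host and host not in own_hosts:   # relative links have no host
            flagged.append(href)
    return flagged


def scan_posts(posts, own_hosts):
    """Map post id -> flagged links, omitting posts with no findings."""
    results = {pid: suspicious_links(body, own_hosts) for pid, body in posts.items()}
    return {pid: links for pid, links in results.items() if links}


# Constructed sample data: one tampered post, two clean ones.
SAMPLE_POSTS = {
    101: '<p>New classification.</p><noscript>Filler <a href="http://spam.example/ringtones">ringtones</a> text.</noscript>',
    102: '<p>See <a href="http://partner.example/report">the report</a>.</p>',
    103: '<noscript><a href="http://blog.example/about">about</a> <a href="/feed">feed</a></noscript>',
}
```

Running `scan_posts(SAMPLE_POSTS, {"blog.example"})` reports only post 101; ordinary visible links and same-site links inside noscript are left alone.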