Full Disclosure mailing list archives
Re: http://www.bestcareersopportunities.com/
From: Ben McGinnes <ben () adversary org>
Date: Wed, 31 Aug 2011 20:26:37 +1000
On 31/08/11 4:30 PM, Jacqui Caren-home wrote:
is running WordPress 3.2.1

This Lahore based spammer is running a PPC link blog and is pushing his crap all over the social networks right now and has just appeared in my work spamtraps from botnett'd systems.

Anyone know if the above site has any known exploits?

Note the hosting company has been notified, so expect any attacks/tests to be monitored.
If they don't have the PHP floating point DOS attack workaround plug-in installed then that might be a vector.

https://core.trac.wordpress.org/ticket/16097
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/

It also depends on which version of PHP they're running and whether it's been fixed yet (it's a PHP bug rather than a WordPress one).

Regards,
Ben
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/