Tag Archives: vulnerability

Blake Ross (Co-Founder of the Mozilla Project): WordPress Blog Hacked

Blake Ross was hacked by a blackhat SEO spammer. blakeross.com is running WordPress 2.0.4 on Apache 1.3.39; it's like waiting to be hacked.

Screenshot

blake-ross-com-280208.png

Note: There is a known directory traversal exploit for WordPress 2.0.4 (#4226).

External Links

  • How to fix wordpress.net.in Goro Spam
  • WordPress 2.0.5 Changelog
  • Apache 1.3 Vulnerability

    Filed under OWNED, security, wordpress

    Statcounter update.sh Workaround (ip2location Information Leak)

    The server where the backup’s log of the last three days is situated is badly set. Access to all directories on the server is free, including the “utils” directory, which contains one script file called “update.sh”, inside of which are the user and password to enter and download the database log from ip2location.com ~ excerpt from Giani Amoto

    There is a workaround for the Statcounter update.sh ip2location information leak;
    check out this post at kakkoi → Statcounter Update.sh Vulnerability Fixes

    Quick workaround

    Add the following .htaccess code in the Statcounter /utils/ directory.

    # Deny access to any file whose name ends in .sh
    # (the regex is matched against the file name, so anchor it at the end)
    <Files ~ "\.sh$">
     Order allow,deny
     Deny from all
     Satisfy All
    </Files>
    
    # Deny requests for *.log and *.comment files (case-insensitive)
    <Files ~ "^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])">
     Order allow,deny
     Deny from all
     Satisfy All
    </Files>
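A pre-deployment check for deny rules of this kind, added here as an example and not part of the original post: it applies candidate `<Files ~>` patterns to a directory listing the way Apache does (unanchored regex search on the base name) and reports sensitive files that stay reachable. The file names, `BROAD_SH` and the helper functions are assumptions made for illustration.

```python
import re

# Patterns as written inside <Files ~ "..."> (or <FilesMatch "...">).
# Apache runs them as an unanchored regex search on the file's base name;
# Python's re is assumed equivalent to Apache's PCRE for these simple patterns.
START_ANCHORED_SH = r"^\.sh"    # matches only names that BEGIN with ".sh"
END_ANCHORED_SH = r"\.sh$"      # matches names that END with ".sh"
BROAD_SH = r"\.sh($|[.~])"      # hypothetical: also catches .sh.bak / .sh~ copies
LOG_AND_COMMENT = r"^.*\.([Ll][Oo][Gg]|[cC][oO][mM][mM][eE][nN][tT])"

# Constructed listing of a /utils/ directory (not taken from a real server).
SAMPLE_FILES = ["update.sh", "update.sh.bak", "update.sh~", ".shrc",
                "update.log", "ip2location.LOG", "notes.comment", "index.php"]
# Constructed set of files that hold credentials or logs and must be blocked.
MUST_BLOCK = {"update.sh", "update.sh.bak", "update.sh~",
              "update.log", "ip2location.LOG", "notes.comment"}


def denied(filename, patterns):
    """True if any deny pattern matches the base name, as <Files ~> would."""
    base = filename.rsplit("/", 1)[-1]
    return any(re.search(p, base) for p in patterns)


def exposed(files, must_block, patterns):
    """Sensitive files that none of the deny patterns cover."""
    return [f for f in files if f in must_block and not denied(f, patterns)]


def overblocked(files, must_block, patterns):
    """Files the rules deny although nobody asked for them to be blocked."""
    return [f for f in files if f not in must_block and denied(f, patterns)]


if __name__ == "__main__":
    for label, sh in [("^\\.sh", START_ANCHORED_SH),
                      ("\\.sh$", END_ANCHORED_SH),
                      ("\\.sh($|[.~])", BROAD_SH)]:
        rules = [sh, LOG_AND_COMMENT]
        print(label,
              "exposed:", exposed(SAMPLE_FILES, MUST_BLOCK, rules),
              "overblocked:", overblocked(SAMPLE_FILES, MUST_BLOCK, rules))
```

Editor backups such as `update.sh.bak` carry the same credentials as the script, which is why the end-anchored pattern alone still leaves two files exposed in this listing.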
    


    Filed under statcounter, vulnerability

    Matt Heaton (Bluehost and HostMonster CEO) WordPress Blog Hacked by Mick Jagger from Moscow

    wordpress.net.in remote spam injection: Matt Heaton is unaware that he uploaded the backdoor himself. Check his WordPress footer.

    Matt Heaton (Bluehost and HostMonster CEO) got hacked by Mick Jagger

    The full Google cache will not show the spam link (cloaking); use the text-only cache.
    As of this writing he’s still using WordPress 2.0.

    While you are on the mattheaton.com footer, check out the “Comment (RSS)” link. The “RSS” part is misleading: it redirects to http://cwings.ulmb.com/alexa.php?c=bluehost.com instead of the comments feed. Go figure.

    What has this got to do with Mick Jagger?

    lol, I knew you'd ask that; read it all at kakkoi.


    Filed under bluehost, hack, hostmonster, injection, vulnerability, wordpress

    Firefox 2.0.0.7 Update – Quicktime Pwns Firefox

    A serious vulnerability in Mozilla Firefox has been addressed in release 2.0.0.7, which is now posted to the Firefox web site. The exploit involved an issue in Apple QuickTime that could reportedly lead to a full compromise of the browser and possibly the underlying operating system.

    The vulnerability was reported by Petko D. Petkov at gnucitizen.org, who also reported on two other QuickTime vulnerabilities last year.

    Workaround: Disabling JavaScript in the browser does not protect against this attack; in vulnerable versions scripts passed through the -chrome option would be executed regardless of the JavaScript setting for web content, much as interpreters for languages such as Perl and Python execute scripts passed on the command line. The NoScript add-on, however, has provided protection against this class of attack since the cross-browser vulnerabilities described by MFSA 2007-23 were discovered. ~ Mozilla Foundation Security Advisory 2007-28

    Download

    Firefox 2.0.0.7 is now available for Windows, Mac, and Linux for free download from http://getfirefox.com.


    Filed under Internet Browser, Mozilla Firefox