Blackhat SEO » 0day http://blackhat-seo.feifei.us For all the bad ideas I have... Sat, 19 Jan 2008 22:10:51 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Wordpress Vulnerable to Worm http://blackhat-seo.feifei.us/13/wordpress-vulnerable-to-worm/ http://blackhat-seo.feifei.us/13/wordpress-vulnerable-to-worm/#comments Sun, 05 Aug 2007 04:40:47 +0000 Elliott Back http://blackhat-seo.feifei.us/13/wordpress-vulnerable-to-worm/ Benjamin Flesch points out seven Wordpress XSS exploits that could be used partially or en totalis to create a 0day Wordpress worm that could:

  1. Spread automatically around the blogosphere
  2. Inject a payload into Wordpress

In the blackhat world, the best target would be to find a Wordpress.com XSS exploit. Then you could easily write a script looking for high-PR blogs and inject a hidden link for yourself, probably without too many people noticing. If you were careful and acted slowly you’d have the most powerful Web 2.0 botnet before anyone noticed!

#2 has been shown to be easy.  However, none of the exploits seem to offer #1, that is the spread of a true worm.  The author’s worm cannot spread unless you follow a complicated self-commenting procedure.  So for now at least, there will be no Wordpress 0day firestorm.

]]> http://blackhat-seo.feifei.us/13/wordpress-vulnerable-to-worm/feed/ 2