On 31/08/11 4:30 PM, Jacqui Caren-home wrote: > is running wordpress 3.2.1 > > This lahore based spammer is running a PPC link blog and is pushing his crap > all over the social networks right now and has just appeared in my work > spamtraps from botnett'd systems. > > Anyone know if the above site has any known exploits? > > Note the hosting company has been notified, so expect any attacks/tests to be > monitored. If they don't have the PHP floating point DOS attack workaround plug-in installed then that might be a vector. https://core.trac.wordpress.org/ticket/16097 http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/ It also depends on which version of PHP they're running and whether it's been fixed yet (it's a PHP bug rather than a WordPress one). Regards, Ben
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/