just a heads up for those of you with wp installs that might be using shortstat... apparently shortstat allows one to insert an iframe in the referral log...
Quote:
|
the minute you click on shortstat it redirects you to a page filled with ads to adultfriendfinder and the page is also loaded with viruses.
|
source:
[SOLVED] If you run ShortStat, disable it NOW | JustJace.com
luckily I don't use shortstat, so no problems for me...
tbh, I think this exploit has the ability to produce greater potential damage than just some shitty malware installs... one could in theory use the iframe redirect to a fake wordpress login page asking the admin to re-enter the login and password... wonder how many wp installs one could gain access to that way? if one were so deviously inclined that is...
05-09-2008, 06:32 PM
wordpress shortstat exploit
Linear Mode
