'Re: [Full-disclosure] http://www.bestcareersopportunities.com/'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] http://www.bestcareersopportunities.com/
From:       Christian Sciberras <uuf6429 () gmail ! com>
Date:       2011-08-31 10:55:14
Message-ID: CAD6s_XtQp2jDHxGzubcimHx1ojeJ7jqs3_og4dLVtStHkwb94w () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


If it's connected to the Internet, it's already got an exploit ;)







On Wed, Aug 31, 2011 at 12:26 PM, Ben McGinnes <ben@adversary.org> wrote:

> On 31/08/11 4:30 PM, Jacqui Caren-home wrote:
> > is running wordpress 3.2.1
> >
> > This lahore based spammer is running a PPC link blog and is pushing his
> crap
> > all over the social networks right now and has just appeared in my work
> > spamtraps from botnett'd systems.
> >
> > Anyone know if the above site has any known exploits?
> >
> > Note the hosting company has been notified, so expect any attacks/tests
> to be monitored.
>
> If they don't have the PHP floating point DOS attack workaround
> plug-in installed then that might be a vector.
>
> https://core.trac.wordpress.org/ticket/16097
>
> http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
>
> It also depends on which version of PHP they're running and whether
> it's been fixed yet (it's a PHP bug rather than a WordPress one).
>
>
> Regards,
> Ben
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

[Attachment #5 (text/html)]

<font color="#666666"><font size="2"><font face="georgia,serif">If it&#39;s connected to the \
Internet, it&#39;s already got an exploit ;)<br></font></font></font><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br> </font></div><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br></font></div><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br></font></div><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br> </font></div><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br></font></div><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br></font></div><div><font \
class="Apple-style-span" color="#666666" face="georgia, serif"><br> </font><div \
class="gmail_quote">On Wed, Aug 31, 2011 at 12:26 PM, Ben McGinnes <span dir="ltr">&lt;<a \
href="mailto:ben@adversary.org">ben@adversary.org</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> \
<div class="im">On 31/08/11 4:30 PM, Jacqui Caren-home wrote:<br> &gt; is running wordpress \
3.2.1<br> &gt;<br>
&gt; This lahore based spammer is running a PPC link blog and is pushing his crap<br>
&gt; all over the social networks right now and has just appeared in my work<br>
&gt; spamtraps from botnett&#39;d systems.<br>
&gt;<br>
&gt; Anyone know if the above site has any known exploits?<br>
&gt;<br>
&gt; Note the hosting company has been notified, so expect any attacks/tests to be \
monitored.<br> <br>
</div>If they don&#39;t have the PHP floating point DOS attack workaround<br>
plug-in installed then that might be a vector.<br>
<br>
<a href="https://core.trac.wordpress.org/ticket/16097" \
target="_blank">https://core.trac.wordpress.org/ticket/16097</a><br> <a \
href="http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/" \
target="_blank">http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/</a><br>
 <br>
It also depends on which version of PHP they&#39;re running and whether<br>
it&#39;s been fixed yet (it&#39;s a PHP bug rather than a WordPress one).<br>
<br>
<br>
Regards,<br>
<font color="#888888">Ben<br>
<br>
</font><br>_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br></blockquote></div><br></div>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic