Latest WordPress 2.3.1 Vulnerable To Hackers

Update: WP developers are looking into this now . . .
The current version of WordPress (also 2.1-2.3.1 verified so far) is apparently vulnerable to an HTML-tainting attack. I first noticed it on this blog in the next-to-top post. I’ve actually been on a vacation of sorts, but I monitor changes to my web […]

WP HTML Taint Check

<?php
/*
Plugin Name: HTMLTaintCheck
Plugin URI: http://www.seoegghead.com/
Description: Checks for suspicious links in posts. MAKE SURE TO REPLACE YOUR EMAIL ADDRESS IN THE CODE BELOW — ALSO ONLY LEAVE THIS ON TO CHECK, THEN TURN IT BACK OFF!!!
Author: Jaimie Sirovich
Version: 0.1
Author URI: http://www.seoegghead.com/
*/

// The check runs on every request while the plugin is active,
// so deactivate the plugin once the report has been received.
if (true) {
    check_posts();
}

function check_posts()
{
    global $wpdb, $table_prefix;

    // Fetch every post so its content can be scanned.
    $items = $wpdb->get_results("
        SELECT post_title, ID, post_name, post_content
        FROM {$table_prefix}posts
        WHERE TRUE
    ");

    $copy = '';
    foreach ($items as $i) {
        // Flag posts whose content matches the suspicious-link patterns.
        if (preg_match('#adshelper|softicana#i', $i->post_content)) {
            $copy .= $i->ID . ' ' . "IS SUSPICIOUS.\r\n";
        } else {
            $copy .= $i->ID . ' ' . "OK.\r\n";
        }
    }

    // Replace the address below with your own before activating.
    mail('YOUREMAIL@ADDRESS.com', 'test', $copy);
}
?>