Full Disclosure
mailing list archives
Re: http://www.bestcareersopportunities.com/
From: Ben McGinnes <ben () adversary org>
Date: Wed, 31 Aug 2011 20:26:37 +1000
On 31/08/11 4:30 PM, Jacqui Caren-home wrote:
> is running wordpress 3.2.1
>
> This lahore based spammer is running a PPC link blog and is pushing his crap
> all over the social networks right now and has just appeared in my work
> spamtraps from botnett'd systems.
>
> Anyone know if the above site has any known exploits?
>
> Note the hosting company has been notified, so expect any attacks/tests to be monitored.

If they don't have the PHP floating point DOS attack workaround
plug-in installed then that might be a vector.
https://core.trac.wordpress.org/ticket/16097
http://www.exploringbinary.com/php-hangs-on-numeric-value-2-2250738585072011e-308/
It also depends on which version of PHP they're running and whether
it's been fixed yet (it's a PHP bug rather than a WordPress one).
Regards,
Ben
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
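
For defenders checking their own sites against the floating point issue discussed in the reply above, the following is an added example of a request filter, not code from the thread or from the WordPress plug-in it mentions. The function names are hypothetical, the sample inputs are constructed, and it assumes the filter is loaded before any application code casts request input to a number.

```php
<?php
// Added example: request filter for the PHP floating point hang.
// Function names are hypothetical; this is not the WordPress plug-in's code.

// Digits of 2.2250738585072011e-308 with the decimal point removed.
define('FP_HANG_DIGITS', '22250738585072011');

// Return true if a string, or any key or value of a nested array, contains
// the digit run. Only string functions are used: casting the input to float
// would run the very conversion that hangs on an unpatched PHP.
function contains_fp_hang_value($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            if (contains_fp_hang_value((string) $key) || contains_fp_hang_value($item)) {
                return true;
            }
        }
        return false;
    }
    if (!is_string($value)) {
        return false;
    }
    // Dropping dots also catches shifted forms such as 0.22250738585072011e-307.
    return strpos(str_replace('.', '', $value), FP_HANG_DIGITS) !== false;
}

// Refuse the request before the application touches the input.
// Covers GET, POST and cookies only; other inputs (headers, uploads) are not checked.
function reject_fp_hang_request()
{
    foreach (array($_GET, $_POST, $_COOKIE) as $input) {
        if (contains_fp_hang_value($input)) {
            header('HTTP/1.1 400 Bad Request');
            exit;
        }
    }
}

reject_fp_hang_request();

// Constructed samples, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(contains_fp_hang_value(array('page' => '2', 'q' => 'careers')));          // false
    var_dump(contains_fp_hang_value(array('f' => array('0.22250738585072011e-307')))); // true
}
```

The filter is a stopgap for hosts that cannot yet update PHP; as the reply says, the bug is in PHP rather than WordPress, so the lasting fix is a PHP build that includes the correction.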