
WordPress Worm that fixes WordPress

Thursday, August 2, 2007

I’m not entirely sure I’d call it a worm since it doesn’t really spread automatically and on its own, but anyway. I saw this on gHacks and thought it was cool.

Basically this guy discovered seven vulnerabilities in the latest version of WordPress and decided to write a worm that will go into your site and patch the problems. All you have to do is log in as an admin, post a comment containing a link to http://mybeni.rootzilla.de/mybeNi/ and click on it from the Moderate Comments admin panel. This will take you to his site, where you then have to click “Secure my blog” to continue. It’ll go back to your admin panel and guide you through the process of patching 3 files to stop this kind of XSS (cross-site scripting) vulnerability.


Of course you’ll have to trust that this won’t do any harm to your wp installation 😉

If you don’t want to do it this way and can wait, this is all fixed in the next update, which you can get from the SVN repo right now.

posted by johntash at 2:18 pm  


  1. Thanks for the post,

    Comment by samuells — November 11, 2008 @ 4:15 am

  2. Excellent essay and site. I put a link to your compassion essay on my website. Good work.

    Comment by cihanyan — November 11, 2008 @ 7:42 pm

Copyright © 2007-2010 http://www.thesh17.com