Tag: mod security

  1. Wordpress security vulnerability and mitigating strategies.

    24 April 2008

    For the past couple of weeks the information security community has been noticing someone exploiting a new vulnerability in the Wordpress blogging software that lets the attacker inject arbitrary HTML code into the content from outside. So far, what has been seen is an

    HTML entity containing multiple hyperlinks to other sites, presumably for the purpose of artificially bumping up someone's search engine rankings. Both the height and width of the injected HTML code are usually set to zero pixels each, but I've seen a couple of instances of one-by-one
    entities as well. It stands to reason that pretty much …