1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

LA Times said to be compromised, shell access offered up for sale

Discussion in 'CSO' started by RSS, Apr 6, 2016.

  1. RSS

    RSS New Member Member

    Wednesday afternoon, someone on Twitter offered access to the LA Times website to anyone willing to purchase it.

    The access itself has been obtained due to a vulnerable WordPress installation and an uploaded web shell.

    Salted Hash has reached out to the LA Times for comment, and we’ll update this post if they respond.


    For now, it doesn’t look like anyone has taken seller up on their offer. The screenshots below show the shell running on the web server, and part of the vulnerable WordPress plugin, Advanced XML Reader.

    The plugin developer says it enables “blog owners the possibility to show any xml file in their post or page.”

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page