New W3 Total Cache and WP Super Cache Vulnerability
From blog.sucuri.net
As if on queue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we have started to see attacks spring up across our network.
In our post you might remember this:
< !–mfunc echo PHP_VERSION; –>< !–/mfunc–>
In this example we explained how it was a very simple approach to displaying the version of PHP on your server. There were a lot of questions following that saying, well what’s so harmful in that. Etc… With little help from us the attackers go on to show us what they can do.