WordPress Security - parse error. not well formed - spam

Posted on July 12, 2009

This caught me by surprise when I ran across this information. There seems to be an exploit in some versions of WordPress. From what I have seen, the exploit is caused by users using a remote site to post to their blog.

Viewing the blog content using Google Reader or via curl will display the spam content:

curl --no-sessionid --user-agent "Googlebot/2.1 (+http://www.googlebot.com/bot.html)" http://www.example.com

Such remote sites include Windows Live Writer.
I would recommend taking a look at the WordPress users that are set up on your site. Verify that only approved users have administrative rights. Also compare your existing files with the files from the installation zip from wordpress.com.

The key file is xmlrpc.php.
If you see this on line 27, then you have a huge problem:
$HTTP_RAW_POST_DATA = mysql_escape_string(trim($HTTP_RAW_POST_DATA));
Straight to the point
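
The file comparison and the xmlrpc.php check described above can be scripted. The following is an added example, not code from the original post; the function names wp_compare and wp_compare_demo, the directory layout and the file wp-stats.php are assumptions made for illustration, and the sample trees are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): compare a live WordPress tree
# with a clean copy unpacked from the installation zip, then look for the
# xmlrpc.php line quoted in the post.
# Findings, one per line: ADDED <file>, MODIFIED <file>, INJECTED xmlrpc.php:<line>
# wp-config.php and anything you installed under wp-content/ will show up as
# ADDED; review those by hand.

# Fixed string taken from the line the post says to look for.
MARKER='mysql_escape_string(trim($HTTP_RAW_POST_DATA))'

wp_compare() {
    live=$1
    clean=$2
    # Walk every file in the live tree and compare it byte for byte.
    ( cd "$live" && find . -type f | sort ) | while IFS= read -r f; do
        rel=${f#./}
        if [ ! -f "$clean/$rel" ]; then
            echo "ADDED $rel"
        elif ! cmp -s "$live/$rel" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
    # Report the first line number where the marker appears, if any.
    if [ -f "$live/xmlrpc.php" ]; then
        n=$(grep -nF "$MARKER" "$live/xmlrpc.php" | head -n 1 | cut -d: -f1)
        if [ -n "$n" ]; then echo "INJECTED xmlrpc.php:$n"; fi
    fi
}

# Constructed sample trees; wp-stats.php is a made-up file name.
wp_compare_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/live" "$tmp/clean"
    printf '<?php\n// index\n' > "$tmp/clean/index.php"
    cp "$tmp/clean/index.php" "$tmp/live/index.php"
    printf '<?php\n// stock\n' > "$tmp/clean/xmlrpc.php"
    printf '<?php\n$HTTP_RAW_POST_DATA = %s;\n' "$MARKER" > "$tmp/live/xmlrpc.php"
    printf '<?php\n// unknown\n' > "$tmp/live/wp-stats.php"
    wp_compare "$tmp/live" "$tmp/clean"
    rm -rf "$tmp"
}

# With two arguments, check real directories; otherwise run the demo.
if [ "$#" -eq 2 ]; then wp_compare "$1" "$2"; else wp_compare_demo; fi
```

Run it as `sh wp_compare.sh /path/to/site /path/to/clean-wordpress`, using a clean copy of the same WordPress version as the site, otherwise every file changed between releases is reported as MODIFIED.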

Possible error you may see:
log Server Error
Server Error -32700 Occurred
parse error. not well formed