Hello all, I found that there is a new exploit for wp-trackback.php script using Sql Injection. Details can be found here - http://milw0rm.com/exploits/3109
Does anyone test it? I have to say that for some of my installations of WP it works and for other not. I did some quick fix for this specific exploit, but it is not ideal...
> -----Original Message----- > From: wp-hackers-boun...@lists.automattic.com [mailto:wp-hackers- > boun...@lists.automattic.com] On Behalf Of mar...@wiso.cz > Sent: Wednesday, January 10, 2007 1:02 PM > To: wp-hack...@lists.automattic.com > Subject: [wp-hackers] Sql injection admin hash disclosure exploit for > wp-trackback.php
> Hello all, I found that there is a new exploit for wp-trackback.php > script > using Sql Injection. Details can be found here - > http://milw0rm.com/exploits/3109
> Does anyone test it? I have to say that for some of my installations of > WP > it works and for other not. I did some quick fix for this specific > exploit, but it is not ideal...
> Kind regards,
> Martin Wiso > ================== > WWW: www.wiso.cz
> > -----Original Message----- > > From: wp-hackers-boun...@lists.automattic.com [mailto:wp-hackers- > > boun...@lists.automattic.com] On Behalf Of mar...@wiso.cz > > Sent: Wednesday, January 10, 2007 1:02 PM > > To: wp-hack...@lists.automattic.com > > Subject: [wp-hackers] Sql injection admin hash disclosure exploit for > > wp-trackback.php
> > Hello all, I found that there is a new exploit for wp-trackback.php > > script > > using Sql Injection. Details can be found here - > > http://milw0rm.com/exploits/3109
> > Does anyone test it? I have to say that for some of my installations of > > WP > > it works and for other not. I did some quick fix for this specific > > exploit, but it is not ideal...
On Jan 10, 2007, at 6:01 AM, mar...@wiso.cz wrote:
> Does anyone test it? I have to say that for some of my > installations of WP > it works and for other not. I did some quick fix for this specific > exploit, but it is not ideal...
It depends on your PHP version and you need register_globals on. It has been fixed in WordPress 2.0.7 RC1.
I suppose "register_globals on" *is* the security hole? ;) If your application requires register_globals turned on, then please rewrite by your own (if allowed by the included license) or search for an alternative. "register_globals on" is bad (in combination with other PHP options a nightmare).
Roland
> It depends on your PHP version and you need register_globals on. It > has been fixed in WordPress 2.0.7 RC1.
> I suppose "register_globals on" *is* the security hole? ;) If your > application requires register_globals turned on, then please > rewrite by your own (if allowed by the included license) or search > for an alternative. "register_globals on" is bad (in combination > with other PHP options a nightmare).
WordPress has never required register_gloabls to be turned on. We hate register globals. :-) We have code in WordPress that unregisters global variables. The bug was a PHP bug that makes use of unset() to de-register variables unsafe. I found a workaround.
|
