My Security Planet » BlogSecurity » May 31, 2008

Feeds

13607 items (0 unread) in 75 feeds

• Jeremy Zawodny's blog
• Mozilla Webdev
• Transcendental Technical Travails
• Ian Bicking: a blog
• Hackosis

• Watchfire Application Security Insider
• BlogSecurity
• sirdarckcat
• Google Online Security Blog
• CGISecurity.com: Your Web Site and Application Security Resource
• Switch/Twitch
• mybeNi websecurity
• cat slave diary
• SecuriTeam Blogs
• Curiouser and Curiouser
• Alex's Corner
• Billy (BK) Rios
• Chris Shiflett
• christian's weblog
• funkatron.com
• GNUCITIZEN
• The Spanner
• hackademix.net
• Ruby on Rails Security Project
• It's a shampoo world anyway
• Web Security Blog
• ha.ckers.org web application security lab
• Yet Another Infosec Blog
• PHP Security Blog
• Security Thoughts
• Sunnet Beskerming Security Advisories
• Disenchant's Blog
• Sylvan von Stuppe
• Larholm.com
• The Turkey Curse
• Jeremiah Grossman
• Anurag Agarwal - Application Security Evangelist
• Ivan Ristic
• deep inside | security & tools
• omg.wtf.bbq.
• BlueHat Security Briefings
• Tactical Web Application Security
• .:Computer Defense:.

• tssci security
• Plynt Penetration Testing Blog
• Michael Howard's Web Log
• Security Retentive
• BindShell.Net
• Dominic White's .tHE pRODUCT
• SecurityFocus News
• Justice League
• Schneier on Security
• Rational Survivability
• terminal23
• 1 Raindrop
• hiredhacker.com
• Matasano Chargen
• Security Vulnerability Research & Defense
• Michael on Security - Musings on Information Security
• Fortify blog
• The Art of Software Security Assessment
• GDS Security Blog
• Vodun.org
• Robert Penz Blog
• Mark Curphey - SecurityBuddha.com
• Liminal states
• Security Ripcord
• ModSecurity Blog
• IBM Internet Security Systems Frequency X Blog
• Suspekt...
• extern blog SensePost;
• Zero in a bit

• SEO BlackHat: Black Hat SEO Blog
• busin3ss.name

• Opensourcetesting.org News

BlogSecurity

• 

  WordPress Upload File Plugin SQL Injection

  Posted: May 31st, 2008, 3:31pm CDT by Philipp

  Tags:  Advisories   [edit]

  A SQL Injection vulnerability has been reported in WordPress by the Balsec Team. The advisory is lacking alot of detail.

  This post will be updated as new information is made available.

  

  
• 

  WordPress 2.3.3 Directory Traversal Vulnerability

  Posted: May 31st, 2008, 3:26pm CDT by Philipp

  Tags:  Advisories   [edit]

  Sandor Attila Gerendi found a vulnerability within WordPress 2.3.3, which under certain circumstances allows an attacker to run arbitrary PHP code on WordPress 2.3.3.

  Input passed via the “cat” parameter to index.php is not properly sanitised in the “get_category_template()” function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include arbitrary PHP files from local resources via directory traversal attacks.

  
  According to the advisory, successful exploitation allows execution of arbitrary PHP code, but requires privileges to store PHP files on an affected system and that WordPress is installed on a Windows platform.
  

  The vulnerability is confirmed in version 2.3.3.

  Solution:
  Update to version 2.5.1.

  If you wish to patch your 2.3.3 install, please see the WordPress Trac.

  

  
• 

  WordPress 2.5.1 Malicious File Execution

  Posted: May 31st, 2008, 3:18pm CDT by Philipp

  Tags:  Advisories   [edit]

  CWH Underground have published an advisory regarding a malicious file execution vulnerability in WordPress 2.5.1.

  We do not quite follow this advisory. The vulnerability discusses the idea of uploading a PHP backdoor onto a WordPress blog via the upload file facility, or via the plugin edit facility. I don’t think this is really a WordPress issue but rather the correct functionality of WordPress.

  We have discussed before in our WordPress Whitepaper that the file upload facility should be restricted to trusted users only. We also recommend you reading our Role Management post.

  

  

TOP RSS Gregarius 0.5.4 Tentatively valid XHTML1.0, CSS2.0 Last update: Mon May 21 12:13:42 2012