Sat, 02 Oct 2004 9:46 PM

XSS Security Holes in WordPress

Michael Dale
Security vulnerabilities have been found in WordPress that allow users to inject code into the site through certain URLs whose parameters are not checked before being echoed back into the page. Examples:

http://[victim]/wp-login.php?redirect_to=[code]
http://[victim]/wp-login.php?mode=bookmarklet&text=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popupurl=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popuptitle=[code]
http://[victim]/admin-header.php?redirect=1&redirect_url=%22;[code]//
http://[victim]/bookmarklet.php?popuptitle=[code]
http://[victim]/bookmarklet.php?popupurl=[code]
http://[victim]/bookmarklet.php?content=[code]
http://[victim]/bookmarklet.php?post_title=[code]
http://[victim]/categories.php?action=edit&cat_ID=[code]
http://[victim]/edit.php?s=[code]
http://[victim]/edit-comments.php?s=[code]
http://[victim]/edit-comments.php?mode=[code]

XSS (cross-site scripting) holes are common in many PHP scripts, and WordPress isn't the only affected blogging tool: LiveJournal and Blogger are also vulnerable. Although this is a somewhat large security issue, WordPress users shouldn't be too worried; all scripts have bugs. The WordPress team are working on a 1.2.1 release to fix these issues, so look out for it.

Related links:
http://wordpress.org/support/4/13818
http://wordpress.org/support/7/13856
http://news.netcraft.com/archives/2004/09/30/security_holes_in_wordpress_blogging_tool.html
http://secunia.com/advisories/12683/
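The pattern behind every URL listed above is the same: a query parameter such as redirect_to or popuptitle is written into the page without escaping, so a value containing a quote can close the HTML attribute it sits in and add its own markup. The following PHP is an added example written for this post, not WordPress's own code: it shows the unescaped reflection next to an escaped version, and a separate check that keeps redirect_to pointing at a local path. The function names, the /wp-admin/ fallback and the sample inputs are assumptions constructed for the demonstration. Note that the admin-header.php case (redirect_url=%22;[code]//) lands inside a JavaScript string rather than an HTML attribute, and needs JavaScript-string escaping instead; the HTML escaping shown here is not enough for that context.

```php
<?php
// Added example (not WordPress code): unchecked reflection of a query
// parameter, then the escaped form, then a local-path check for redirects.

/**
 * Vulnerable form: the parameter is echoed straight into an attribute.
 * A value containing a double quote ends the attribute and the rest of the
 * input becomes markup.
 */
function render_redirect_vulnerable(string $redirect_to): string
{
    return '<input type="hidden" name="redirect_to" value="' . $redirect_to . '">';
}

/**
 * Hardened form: HTML-escape every reflected value. ENT_QUOTES covers both
 * quote styles so the input cannot leave the attribute it is placed in.
 */
function render_redirect_escaped(string $redirect_to): string
{
    $safe = htmlspecialchars($redirect_to, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="redirect_to" value="' . $safe . '">';
}

/**
 * Escaping keeps the form intact, but redirect_to is also used as a redirect
 * target after login, so restrict it to a local absolute path. Anything with
 * a scheme, a host (including protocol-relative //host) or control characters
 * falls back to the default (assumed /wp-admin/).
 */
function safe_local_redirect(string $redirect_to, string $fallback = '/wp-admin/'): string
{
    if ($redirect_to === '' || $redirect_to[0] !== '/' || str_starts_with($redirect_to, '//')) {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $redirect_to)) {
        return $fallback;
    }
    return $redirect_to;
}

// Constructed inputs for a quick check from the command line.
$attribute_breakout = '"><b>injected</b><input value="';
$offsite            = 'http://other-site.example/';
$normal             = '/wp-admin/post.php';

echo render_redirect_vulnerable($attribute_breakout), PHP_EOL; // markup leaves the attribute
echo render_redirect_escaped($attribute_breakout), PHP_EOL;    // quotes become &quot;, stays inside value
echo safe_local_redirect($offsite), PHP_EOL;                   // falls back to the local default
echo safe_local_redirect($normal), PHP_EOL;                     // local path passes through
```

Run it with php on the command line and compare the first two lines of output: the escaped version keeps the injected text inside the value attribute as inert data. The redirect check is deliberately strict (a leading single slash only) because an open redirect on a login page is a separate problem that escaping does nothing about.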

Tue, 07 Sep 2004 9:23 PM

Wordpress now has a bit of dale in it.

Michael Dale
I'm one for gloating, so I thought I'd try and raise ye old ego a bit more (as you do ;)). Anyway, as you may (or probably may not) know, I hacked apart wordpress to leech some of its trackback-sending function and found a very small bug. The bug being if you ran wordpress on a non-standard port (i.e. anything other than 80) then people would be unable to send a trackback to that site. Wordpress ignored the fact that someone may have entered a port number into the trackback URL. Only a small bug. So I emailed the good matt ( http://www.photomatt.net ) about the problem and included a fix for it. Less than 24 hours later wordpress is patched and the latest nightly build includes this small fix. It's just cool that anyone can help add/fix things to open source software. So praise open source (and wordpress for being so). w00t /end ego boosting post ;) no I'll never like wordpress, shutup! :S
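The bug described in this post is the port component of the trackback URL being dropped when the request is built. The PHP below is an added example, not the WordPress fix itself: it splits a trackback URL with parse_url, keeps the port when one is given (defaulting to 80 only when it is absent) and carries it through to the connection parameters and the Host header. The function names and the blog.example:8080 sample URL are assumptions constructed for the demonstration.

```php
<?php
// Added example (not WordPress code): resolving a trackback URL so that a
// non-standard port survives into the request.

/**
 * Split a trackback URL into host, port and path for a plain HTTP POST.
 * The port is taken from the URL when present and only defaults to 80
 * when the URL has none, which is the detail the original code missed.
 */
function trackback_target(string $url): ?array
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host']) || ($parts['scheme'] ?? 'http') !== 'http') {
        return null;
    }
    $path = $parts['path'] ?? '/';
    if (isset($parts['query'])) {
        $path .= '?' . $parts['query'];
    }
    return [
        'host' => $parts['host'],
        'port' => $parts['port'] ?? 80,
        'path' => $path,
    ];
}

/**
 * Build the request head. The Host header must include the port when it is
 * not the default, otherwise a server hosting several sites on different
 * ports may not route the request to the right one.
 */
function trackback_request(string $url, string $body): ?string
{
    $t = trackback_target($url);
    if ($t === null) {
        return null;
    }
    $host = $t['port'] === 80 ? $t['host'] : $t['host'] . ':' . $t['port'];
    return "POST {$t['path']} HTTP/1.0\r\n"
        . "Host: {$host}\r\n"
        . "Content-Type: application/x-www-form-urlencoded\r\n"
        . 'Content-Length: ' . strlen($body) . "\r\n\r\n"
        . $body;
}

// Constructed sample: a blog listening on 8080 rather than 80.
$url  = 'http://blog.example:8080/wp-trackback.php/42';
$body = http_build_query([
    'title'     => 'A reply',
    'url'       => 'http://example.com/post/1',
    'blog_name' => 'Example blog',
]);

$target = trackback_target($url);
// The socket connect would use $target['host'] and $target['port'] here,
// e.g. fsockopen($target['host'], $target['port'], $errno, $errstr, 5).
echo trackback_request($url, $body);
```

The request text printed at the end shows the port in the Host header; with the port dropped, the connect would go to port 80 and the trackback would simply never arrive, which is the failure the post describes.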

Sat, 03 Jul 2004 9:27 AM

Complete backend update

Michael Dale
I've done a complete update of the backend of my website today. Every piece of text you now see on this website is coming to you live from my database! ;) It's very cool. Something I've been wanting to do for a while. Currently I haven't rewritten an admin panel although it is in the works as we speak. Very cool. Also got some maths done today. hehe nice.

PHP