Revenue Source

Posted by: Affiliate Blogs
Hardened-PHP Project: WordPress Vulnerability Advisories (XSS & Trackbacks) - 01-05-2007

The Hardened-PHP Project has posted two new advisories today, both dealing with WordPress issues - one is a trackback problem with decoding the charset and the other an XSS vulnerability.
The first advisory notes that:
"While testing WordPress it was discovered that WordPress supports trackbacks in different charsets when PHP's mbstring extension is installed. This feature can be abused to bypass WordPress's SQL parameter escaping which leads to an SQL injection vulnerability that can result in a compromise of the admin account and end in a server compromise."
The second advisory talks about a problem with the WordPress admin interface that leaves it open to cross-site scripting issues.
The WordPress group has already released an updated version to resolve both of these issues. It is highly recommended that you update your installation immediately to prevent exploitation of either of these vulnerabilities.


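One way a charset conversion can defeat escaping, as the first advisory's summary describes, is when the conversion runs after the escaping step. The sketch below is an added example, not code from the post, the advisory or WordPress. UTF-7 as the input charset, addslashes() as a stand-in for the application's escaping, the allow-list, the function names and the sample string are all assumptions.

```php
<?php
// Added illustration; every name and the sample input are constructed.

// Vulnerable order: escape the raw bytes first, convert the charset afterwards.
function escape_then_convert(string $raw, string $charset): string
{
    $escaped = addslashes($raw);  // raw bytes contain no quote, so nothing is escaped
    return mb_convert_encoding($escaped, 'UTF-8', $charset);  // quote appears only here
}

// Hardened order: allow-list the charset, convert to UTF-8, escape last.
// (Bound parameters in a prepared statement are preferable to escaping.)
function convert_then_escape(string $raw, string $charset, array $allowed): string
{
    $charset = strtoupper(trim($charset));
    if (!in_array($charset, $allowed, true)) {
        throw new InvalidArgumentException("unsupported charset: $charset");
    }
    $text = mb_convert_encoding($raw, 'UTF-8', $charset);
    if (!mb_check_encoding($text, 'UTF-8')) {
        throw new InvalidArgumentException('input is not valid in the declared charset');
    }
    return addslashes($text);  // escaping now sees the final characters
}

// True when the string still contains a quote not preceded by a backslash.
function has_unescaped_quote(string $s): bool
{
    return preg_match("/(?<!\\\\)'/", $s) === 1;
}

// Constructed input: "+ACc-" is the UTF-7 encoding of an apostrophe.
$raw = 'Tom+ACc-s blog';

$bad = escape_then_convert($raw, 'UTF-7');
echo 'escape, then convert: ', $bad, ' unescaped quote: ',
     var_export(has_unescaped_quote($bad), true), PHP_EOL;

// The allow-list here includes UTF-7 only to show the effect of the ordering.
$good = convert_then_escape($raw, 'UTF-7', ['UTF-8', 'ISO-8859-1', 'UTF-7']);
echo 'convert, then escape: ', $good, ' unescaped quote: ',
     var_export(has_unescaped_quote($good), true), PHP_EOL;

// With a production-style allow-list the unexpected charset is rejected outright.
try {
    convert_then_escape($raw, 'UTF-7', ['UTF-8', 'ISO-8859-1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```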