First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 161278
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Executioner <keith@email.arizona.edu>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
wordpress_exploit.php www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection exploit text/plain Emanuele Gentili 2007-01-10 07:36 0000 7.40 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 161278 depends on: Show dependency tree
Bug 161278 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-01-10 05:55 0000 
http://www.milw0rm.com/exploits/3109

Reproducible: Didn't try

------- Comment #1 From Emanuele Gentili 2007-01-10 07:19:49 0000 ------- 
millw0rm is down,

see this advisory POC:

http://www.securityfocus.com/archive/1/455927

------- Comment #2 From Emanuele Gentili 2007-01-10 07:36:48 0000 ------- 
Created an attachment (id=106318) [details]
www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection
exploit

the first past is wrong, I'm sorry.

this attach contain milw0rm exploit about wp-trackback.php Remote SQL
Injection.

------- Comment #3 From Matthias Geerdsen 2007-01-16 14:23:39 0000 ------- 
fixed in 2.0.7 it seems:

http://wordpress.org/development/2007/01/wordpress-207/

web-apps, pls update

------- Comment #4 From Matthias Geerdsen 2007-01-16 14:29:06 0000 ------- 
*** Bug 162302 has been marked as a duplicate of this bug. ***

------- Comment #5 From Steve Dibb 2007-01-17 03:53:22 0000 ------- 
2.0.7 in CVS

------- Comment #6 From Raphael Marichez 2007-01-17 22:31:11 0000 ------- 
Security team please vote.

the exploit comments say:
"(needs register_globals=on, 4 <= PHP < 4.4.3,< 5.1.4)"

---> trash

i vote No.

------- Comment #7 From Matthias Geerdsen 2007-01-22 16:56:24 0000 ------- 
agreed, closing


from wordpress.org:

Here are the changes that have been made since 2.0.6:

    * Security fix for wp_unregister_GLOBALS() to work around the
zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5
versions less than 5.1.4 with register_globals set to “On.”

[...]
First Last Prev Next    No search results available      Search page      Enter new bug