Archive for May, 2008

WordPress Upload File Plugin SQL Injection

A SQL Injection vulnerability has been reported in WordPress by the Balsec Team. The advisory is lacking a lot of detail.

This post will be updated as new information is made available.


WordPress 2.3.3 Directory Traversal Vulnerability

Sandor Attila Gerendi found a vulnerability in WordPress 2.3.3 that, under certain circumstances, allows an attacker to run arbitrary PHP code.

Input passed via the “cat” parameter to index.php is not properly sanitised in the “get_category_template()” function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include [...]


WordPress 2.5.1 Malicious File Execution

CWH Underground have published an advisory regarding a malicious file execution vulnerability in WordPress 2.5.1.

We do not quite follow this advisory. The vulnerability discusses the idea of uploading a PHP backdoor onto a WordPress blog via the upload file facility, or via the plugin edit facility. I don’t think this is really a [...]


Comprehensive Vulnerability Scanner

BlogSecurity have been discussing merging the wp-scanner project with GNUCITIZEN to provide a more comprehensive vulnerability scanning solution.

At the moment, the WordPress vulnerability scanning will be free; however, premium services will be available to scan your entire web server for known vulnerabilities. The premium service as it stands will allow you to scan mail services, [...]


Vulnerability Hidden in Blog

Aviv Raff, an Israeli security researcher, has made an unpatched Internet Explorer 7 & 8 vulnerability public by hiding it on his blog.

Creating a vulnerability treasure hunt on your blog is one technique you won’t find in any SEO book. We assume this is a publicity stunt, especially as an exploit of this caliber could [...]