WordPress 2.2 Vulnerability
Filed Under (News) by DK on 30 May 2007

Alexander Concha sent us an email today discussing a vulnerability he has just released for WordPress 2.2.

The vulnerability is another SQL Injection vulnerability in xmlrpc.php affecting WordPress 2.2 (and most likely all versions).

The risk of the attack is slightly less-severe as it requires authentication. According to Alex one requires atleast a subscriber level account to exploit the hole. He has also released a proof of concept exploit that dumps a list of usernames and hashed passwords from the database.

WordPress have released a fix for the vulnerability, and it is fairly trivial to patch:

  1. Go to your WordPress root directory
  2. Make a copy of your xmlrpc.php file. Edit the original xmlrpc.php and find the following code:

    3. $max_results = $args[4];

  3. Add (int) before $args like this:

    4. $max_results = (int) $args[4];

  4. Save and exit

Alex, thanks for letting us know and keep up the great work. An english version of his post is available here.

WordPress BlogWatch has been updated to reflect this finding.

   
Enjoy the article? Please take a second to: Digg it! | StumbleUpon it!

Comments

Rod on 30 May, 2007 at 11:33 am #

You mean like this?

$max_results = (int) $args[4];


David Kierznowski on 30 May, 2007 at 11:44 am #

Rod, quite correct, thanks for that. If in doubt please see: http://trac.wordpress.org/changeset/5570


rodtempleton.net » SQL injection vulnerability in WordPress 2.2 on 30 May, 2007 at 1:13 pm #

[...] has a post about another SQL injection vulnerability, this time in WordPress 2.2, although it turns out to not [...]


Neue Sicherheitslücke in Wordpress 2.2 von Marnems Sicht der Dinge on 30 May, 2007 at 5:17 pm #

[...] ist im gerade mal 2 Wochen alten Wordpress eine neue Sicherheitslücke aufgetaucht. Vermutlich sind auch die Vorgängerversionen [...]


苦牢之最後一年 on 31 May, 2007 at 1:35 am #

WordPress 2.2 Vulnerability…

有用 WordPress 的人都要記得補洞啊~

剛看到一篇文章,提到說有人找到了 WordPress XMLRPC 的洞,包括 2.2 以前的全系列應該都會有影響 (不過,至少要先有一個 subscriber level 以上的帳號,所以先不…


WordPress 2.2 再爆新弱點 | 憂藍夢境‧部落格 on 31 May, 2007 at 6:35 am #

[...] 中文化 « Cheat Sheet 速查表大集合   五月31st WordPress 2.2 再爆新弱點 2 Views · No Comments funp_genButton(”);WordPress 2.13 版時有人發現滿嚴重的 admin-ajax.php 漏洞,但是到了 2.2 版還是又被人抓到洞了= =” 如果您的 WP 擁有一個 Subscriber 等級以上的帳號就會有危害,請立即 patch [...]


blechBlog on 31 May, 2007 at 7:26 am #

Sicherheitslücke in Wordpress 2.2…

Eine Sicherheitslücke, die sich wahrscheinlich nicht nur in der aktuellen Wordpress-Version wiederfindet,  ermöglicht einen Angriff via SQL-Injection, durch den sich offensichtlich auch die Userdaten auslesen lassen.
Betroffen ist die Datei xml…


VicJuan’s 好人好站 » Blog Archive » Wordpress 2.2安全性漏洞修補 on 2 June, 2007 at 2:30 am #

[...] 今天在這篇文章中提到有人發現wordpress 2.2版的安全性漏洞 如果有一個subscriber等級以上的帳號就可能會有危險 但是修補方法其實很簡單 打開根目錄底下的xmlrpc.php 找到這一行程式碼 $max_results = $args[4]; [...]


Wordpress 2.2: nuova release, nuova vulnerabilità | Daniele Salamina’s Blog on 4 June, 2007 at 11:14 am #

[...] ad Agerry per la segnalazione. Post su Blogsecurity. [...]


Sicherheitslücke bei Wordpress 2.2 at Weblogs und Wikis on 7 June, 2007 at 1:48 am #

[...] Auf Blog Ssecurity findet man die Infos auch auf [...]


Comment
Name:
Email:
Website:
Message: