BlogSecurity

WordPress Thrashing Authorisation Bypass

Philipp — Mon, 22 Feb 2010 21:41:28 +0000

Thomas Mackenzie has reported a vulnerability affecting Wordpress >= 2.9. Versions before 2.9 are not vulnerable. tmacuk quote: Since version 2.9 a new feature was implemented so that users were able to retrieve posts that they may have deleted by accident. This new feature was labelled ‘trash’. Any posts that are placed within the trash are only viewable [...]

WordPress Trackback < 2.8.5 Denial of Service

DK — Tue, 12 Jan 2010 22:00:03 +0000

If you are running WordPress < 2.8.5 and finding your blog inaccessible at times this post may be for you. A denial of vulnerability was released back in Oct 2009 that affects < WordPress 2.8.5. The exploit sends a continuous stream of POST requests with overly large blog titles to wp-trackback.php. This could result in the [...]

Distributed WordPress Password Guessing

DK — Tue, 08 Dec 2009 23:00:22 +0000

One of The Internet Storm Center readers recently discovered a malicious WordPress hacking script. The script is nothing more then a password guessing tool. However, what makes it unique — as pointed out by ISC, is the fact that it uses a MySQL database backend to store password attempts. This means the script could be executed [...]

BlogSecurity Upgrade and Move

DK — Tue, 08 Dec 2009 22:32:29 +0000

Hey guys, we had loads of emails recently regarding wp-scanner just not working. Unfortunately, our old hosting company performed an upgrade which broke our DNS and configurations. To add insult to injury we were also in the process of moving to a new server at a new provider so things have been an utter a [...]

WordPress

DK — Tue, 11 Aug 2009 15:02:50 +0000

An exploit has been released for all current versions of WordPress including WordPress

Critical IPhone SMS Vulnerability

DK — Tue, 11 Aug 2009 14:48:05 +0000

Apple is releasing a critical patch on Saturday to address a recent vulnerability that was demonstrated at the infamous Blackhat hacking conference. Charlie Miller, a consultant with Independent Security Evaluators, and Collin Mulliner, a PhD student at the Technical University of Berlin, presented the details of the vulnerability at the Black Hat Security Conference in Las [...]

WordPress 2.8.3 Fixes Security Holes

DK — Tue, 04 Aug 2009 21:43:40 +0000

If you haven’t already done so, we’d stongly recommend upgrading to WordPress 2.8.3. Also, the WordPress 2.0.x branches are now deprecated (a bit earlier then expected) and will therefore no longer be maintained. [Link] Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. [...]

WordPress Plugin DM Albums 1.9.2 vulnerabilities

DK — Wed, 01 Jul 2009 13:33:37 +0000

DM Albums™ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog. Two vulnerabilities have been made public: 1. Stack released a “remote file disclosure vulnerability” (Low-Medium Risk Level) 2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level) An attacker could use these vulnerabilities to potentially gain full access [...]

WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability

DK — Wed, 01 Jul 2009 13:26:07 +0000

A critical vulnerability has been discovered in the WordPress Plugin Related Sites plugin. An exploit is available in the wild and available on Milw0rm, making this attack easier to exploit. Although, the vulnerability says that version 2.1 is vulnerable. You should assume previous versions are vulnerable as well. BlogSec have confirmed that the current version (at the [...]

Critical phpMyAdmin Vulnerabilities Discovered

DK — Wed, 10 Jun 2009 20:49:48 +0000

A number of bloggers and web site owners use phpMyAdmin for easy database administration. Two critical vulnerabilities have been discovered that could be used to gain full access to the affected server. Exploits have already been made publicly available, see GNUCITIZEN for an example: http://172.16.211.10/phpMyAdmin-3.0.1.1//config/ config.inc.php?p=phpinfo(); Description Setup script used to generate configuration can be fooled using a crafted POST [...]