Upgrading Wordpress and old bug issue

Written by gedex on June 8th, 2007. . Categories: just FYI, security, wp. You can follow any responses to this entry through the RSS 2.0 feed

After a long time using 2.0.5, finally, i decided to upgrade to 2.2 (latest stable released on May 15, 2007). Nothing changes if you look from the cover (themes), but as an admin or registered user you’ll see a new stylish login box at wp-login and some changed options in administration page. Actually, holly things are changed inside (scripts). It was easy to upgrade to 2.2, just follow instructions available on wp documentation’s page, section Upgrading Wordpress. I felt glad that all plugins i’ve used before still work in 2.2. There are some reasons why i do upgrading to 2.2, but mostly comes from bug issue. Whilst googling to search vulners in old wp, i found some interesting sites which share exploit to compromise with wp (For your convenience please see wp trac). Here they are :

Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit by Alexander Concha. Actually I’ve not tested this exploit yet. OK here what is as explained ~~from~~ by alex (translated from spanish) :
The error comes from wp_suggestCategories() function in xmlrpc.php file. As it is possible to be observed in that function, a conversion to whole number doesn’t become the value of $max_results, reason why user_login is possible to send values of the type 0 UNION ALL SELECT, user_pass FROM wp_users. Alex gives the exploit which gives back the list of users with his respective passwords in MD5, in addition it also includes the cookies of authentication for each user. In order to correct this problem is to change line $max_results = $args [] of the function wp_suggestCategories() by $max_results = (int) $args [4]. See Changeset 5570. This exploit just viable for blog with user registration enabled
CMIIW
Wordpress Template.PHP HTML Injection Vulnerability by David Kierznowski
A kind of CSRF vulnerability. See Changeset 4665
WordPress Persistent XSS by David Kierznowski which affects the latest version v2.0.5. See Changeset 4665
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit by Janek Vind a.k.a waraxe. This is a critical security for 2.1.3

And much more for old version. See also :

Wordpress Trac
All vulnerabilities archieve at SecurityFocus, sort vendor to Wordpress
WP Exploits and Vulners at milw0rm
David Kierznowski’s blog
Buayacorp’s blog (Spanish)

There are 6 comments (Leave comment)

6 gedex, 03 Jul 2008 at 9:50 pm

#tataqw
OK, dah ane kirim
untuk plugin gw pakai :
- akismet
- All in one SEO pack
- Google XML Sitemap
- In Series
- MediaWiki markup for wordpress
- Official Comments
- Wordpress.com Stats
- Wordpress Database Backup
- WP Cache
- WP Lightbox 2
- XHTML Video embed

5 tataqw, 03 Jul 2008 at 3:55 pm

Friend, salam kenal dulu dunk…hehehe

Themenya keren banget nich friend, minta dunk! Pliz…

Kirim ke e-mailq za: tataqw@opensuse-id.org

Oh za, sekalian minta saran nich friend. Aq mu bikin blog pake wordpress, plugin apa aja yang kamu pake di blog ini? Aq mu contoh biar aman and g bingung2 lagi/ jawab ya! Awam banget nich,,,,tapi ada tekad and semangat!

Trimakasih…

4 tato, 13 Jun 2007 at 5:52 pm

Dek pas gue cek kok udah nga ada lagi. Jadi super penasaran isi nya apa………

3 gedex, 09 Jun 2007 at 10:41 pm

@tato
kaga masuk cuy.. sama onay jg waktu itu.. klo dr lo dah gak dimoderate. Hehe.. anak eepis bakal tau idfusi dunk :D.

Lhah dah gak mandriva or ubuntu lg luw.. mang user bunglon (ganti2 distr mlulu) lu

2 tato, 09 Jun 2007 at 5:11 pm

Woi. comment gue di nu staffsite kok nga di approve. Biarin aja man. Biar tu orang baca. He…he..he…

1 den odink, 09 Jun 2007 at 10:44 am

i can’t write long message for u but i just wanna say that your content blog’s is so good. bye ..bye c u next time .ok
bye … hacker junior in progress

Post Your Comments

gedex’s blog