Comments on: WordPress 1.5.1.3 Remote Access Exploit http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/ Tech, Web, How to, Reviews, Tips, Downloads, and Make Money Online Sat, 22 Nov 2008 00:27:41 +0000 http://wordpress.org/?v=2.6.3 By: Amir Schricker > Blog Archive > How to Turn register_globals Off http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-23051 Amir Schricker > Blog Archive > How to Turn register_globals Off Sun, 16 Apr 2006 05:12:02 +0000 http://www.liewcf.com/blog/?p=1688#comment-23051 [...] I have to give credit to this site for telling me how: [...] [...] I have to give credit to this site for telling me how: [...]

]]> By: Schleifstein.net » Blog Archive » more hack fixes http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-17347 Schleifstein.net » Blog Archive » more hack fixes Wed, 08 Feb 2006 15:09:33 +0000 http://www.liewcf.com/blog/?p=1688#comment-17347 [...] my info on wordpress 1.5 vunerability [...] [...] my info on wordpress 1.5 vunerability [...]

]]> By: James http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-12031 James Wed, 17 Aug 2005 10:01:35 +0000 http://www.liewcf.com/blog/?p=1688#comment-12031 update wordpress to the latest version :) fixes the problem update wordpress to the latest version :) fixes the problem

]]> By: Mark J http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11948 Mark J Sun, 14 Aug 2005 13:55:42 +0000 http://www.liewcf.com/blog/?p=1688#comment-11948 Info on patching the vulnerability <a href="http://wordpress.org/support/topic/41836" rel="nofollow">here</a>. The hole has been plugged, and a 1.5.2 release should be coming out shortly. Info on patching the vulnerability here. The hole has been plugged, and a 1.5.2 release should be coming out shortly.

]]> By: gilachess http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11945 gilachess Sun, 14 Aug 2005 12:30:54 +0000 http://www.liewcf.com/blog/?p=1688#comment-11945 Ha ha.. I reported this hack and vulnerability at least 2-3 weeks ago but got nobody's attention. Some people even questioned me how their beloved WordPress could possibly have any security holes in it. Well now I'm vindicated. :) Anyway I've also removed PHPRPC modules from my postnuke as well as my WordPress installation. Ha ha.. I reported this hack and vulnerability at least 2-3 weeks ago but got nobody’s attention. Some people even questioned me how their beloved WordPress could possibly have any security holes in it.

Well now I’m vindicated. :)

Anyway I’ve also removed PHPRPC modules from my postnuke as well as my WordPress installation.

]]> By: My Other Side of the Stories » » Wordpress v1.5.1.3 Exploit http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11942 My Other Side of the Stories » » Wordpress v1.5.1.3 Exploit Sun, 14 Aug 2005 10:31:41 +0000 http://www.liewcf.com/blog/?p=1688#comment-11942 [...] If you’re using Wordpress v1.5.1.3, you should aware of the latest exploit found on this latest Wordpress version. SecuriTeam posted this exploit on August 10th, as quoted below (via LiewCF): A vulnerability in WordPress’s handling of incoming cookie information allows remote attackers to cause the program to execute arbitrary code if the PHP settings of register_globals has been set to On. [...] [...] If you’re using Wordpress v1.5.1.3, you should aware of the latest exploit found on this latest Wordpress version. SecuriTeam posted this exploit on August 10th, as quoted below (via LiewCF): A vulnerability in WordPress’s handling of incoming cookie information allows remote attackers to cause the program to execute arbitrary code if the PHP settings of register_globals has been set to On. [...]

]]> By: LcF http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11933 LcF Sat, 13 Aug 2005 16:57:45 +0000 http://www.liewcf.com/blog/?p=1688#comment-11933 Thank you, Edrei. :) Thank you, Edrei. :)

]]> By: Edrei http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11930 Edrei Sat, 13 Aug 2005 15:01:33 +0000 http://www.liewcf.com/blog/?p=1688#comment-11930 Well...that actually have come up with a fix a while ago. I don't know why Matt hasn't released the new version yet. The fix can be found <a href="http://trac.wordpress.org/file/branches/1.5/wp-settings.php" rel="nofollow">here</a> Sorry you guys had to go through the trouble of fixing it. Next time tell me and I'll give the heads up direct from the WP peeps. :) Well…that actually have come up with a fix a while ago. I don’t know why Matt hasn’t released the new version yet.

The fix can be found here

Sorry you guys had to go through the trouble of fixing it. Next time tell me and I’ll give the heads up direct from the WP peeps. :)

]]> By: LcF http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11923 LcF Sat, 13 Aug 2005 05:34:14 +0000 http://www.liewcf.com/blog/?p=1688#comment-11923 <blockquote>The quick fix is to place unset($wp_filter);</blockquote>I will still goto turn off register_globals. However, the quick fix is good if you are running other web script that required register_global ON.

The quick fix is to place

unset($wp_filter);

I will still goto turn off register_globals. However, the quick fix is good if you are running other web script that required register_global ON.

]]> By: uzyn http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11922 uzyn Sat, 13 Aug 2005 05:13:40 +0000 http://www.liewcf.com/blog/?p=1688#comment-11922 <blockquote>Yeah can be done from windows box if you does have a shell account.</blockquote> I did it without any shell account or whatsoever. Directly from my PC, not virtually through other Linux box.

Yeah can be done from windows box if you does have a shell account.

I did it without any shell account or whatsoever.

Directly from my PC, not virtually through other Linux box.

]]> By: pandaboy http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11920 pandaboy Sat, 13 Aug 2005 04:11:28 +0000 http://www.liewcf.com/blog/?p=1688#comment-11920 I found this via Blogsome forum: <blockquote>"There is an exploit for Wordpress up and including to 1.5.1.3 out in the wild, which works on webservers with enabled register_globals.. The quick fix is to place unset($wp_filter); in index.php at the very top, right after Link: <a href="http://www.blogsome.com/forum/viewtopic.php?t=1039" rel="nofollow">http://www.blogsome.com/forum/viewtopic.php?t=1039</a> Sounds like an easier approach, what do you think?</blockquote> I found this via Blogsome forum:

“There is an exploit for Wordpress up and including to 1.5.1.3 out in the wild, which works on webservers with enabled register_globals..

The quick fix is to place

unset($wp_filter);

in index.php at the very top, right after

Link: http://www.blogsome.com/forum/viewtopic.php?t=1039

Sounds like an easier approach, what do you think?

]]> By: ahkiong http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11919 ahkiong Sat, 13 Aug 2005 03:46:41 +0000 http://www.liewcf.com/blog/?p=1688#comment-11919 Yeah can be done from windows box if you does have a shell account. Yeah can be done from windows box if you does have a shell account.

]]> By: LcF http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11918 LcF Sat, 13 Aug 2005 03:03:11 +0000 http://www.liewcf.com/blog/?p=1688#comment-11918 <blockquote>Err… if you don’t mind… my name is uzyn. not uync.</blockquote> Sorry, corrected.

Err… if you don’t mind… my name is uzyn. not uync.

Sorry, corrected.

]]> By: uzyn http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11917 uzyn Sat, 13 Aug 2005 00:31:24 +0000 http://www.liewcf.com/blog/?p=1688#comment-11917 Yup. He's just secured it. The exploit is not just Linux only. Those are just means to pass in variables. I'm doing it from a Windows box. Yup. He’s just secured it.

The exploit is not just Linux only. Those are just means to pass in variables.

I’m doing it from a Windows box.

]]> By: ahkiong http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11916 ahkiong Sat, 13 Aug 2005 00:16:19 +0000 http://www.liewcf.com/blog/?p=1688#comment-11916 Less poeple would know how to use Linux but probably out there, some will do it. The exploit could only be run from either any sort of linux console. Perl *.php http://*.com /dir port "uname -a" and seems like LiewCF website is fine from here. There are no available vulnerable i guess. Less poeple would know how to use Linux but probably out there, some will do it. The exploit could only be run from either any sort of linux console. Perl *.php http://*.com /dir port “uname -a” and seems like LiewCF website is fine from here. There are no available vulnerable i guess.

]]> By: geckoseiya http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11817 geckoseiya Fri, 12 Aug 2005 22:19:55 +0000 http://www.liewcf.com/blog/?p=1688#comment-11817 LOL LOL

]]> By: uzyn http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11814 uzyn Fri, 12 Aug 2005 18:55:12 +0000 http://www.liewcf.com/blog/?p=1688#comment-11814 Err... if you don't mind... my name is uzyn. not uync. Thanks. Err… if you don’t mind… my name is uzyn. not uync.

Thanks.

]]> By: uzyn.com http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11813 uzyn.com Fri, 12 Aug 2005 18:50:37 +0000 http://www.liewcf.com/blog/?p=1688#comment-11813 <strong>Wordpress Exploit: How to Secure Yourself</strong> There’s a newly discovered Wordpress exploit that the Wordpress team did not get in time to fix yet. Basically, what that means is that virtually almost all Wordpress-powered blogs are vulnerable to the attack. RTFA, there’s even the cod... Wordpress Exploit: How to Secure Yourself

There’s a newly discovered Wordpress exploit that the Wordpress team did not get in time to fix yet. Basically, what that means is that virtually almost all Wordpress-powered blogs are vulnerable to the attack.
RTFA, there’s even the cod…

]]> By: LcF http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11812 LcF Fri, 12 Aug 2005 18:39:47 +0000 http://www.liewcf.com/blog/?p=1688#comment-11812 thank you for the advice. I was only want to make more people aware of it. Now I think many WP blogger will be protected because of your tips. Thank you. :) thank you for the advice. I was only want to make more people aware of it. Now I think many WP blogger will be protected because of your tips. Thank you. :)

]]> By: uzyn http://www.liewcf.com/blog/archives/2005/08/wordpress-1513-remote-access-exploit/#comment-11811 uzyn Fri, 12 Aug 2005 18:24:02 +0000 http://www.liewcf.com/blog/?p=1688#comment-11811 Just another advice, when you know that your site is vulnerable, you don't post code for people to hack your own site. That's like leaving your house key at the door knob. Just another advice, when you know that your site is vulnerable, you don’t post code for people to hack your own site.

That’s like leaving your house key at the door knob.

]]>