WordPress.org

Forums

[resolved] new 0-day? (8 posts)

  1. Lancerlot
    Member
    Posted 2 years ago #

    So, just saw this link on Reddit:
    0-day
    It says it's a vulnerability in 3.0.4 but I just installed 3.2.1... are we safe?

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    It relates to the use of Timthumb in certain themes & plugins. WordPress itself has never used Timthumb.

  3. Lancerlot
    Member
    Posted 2 years ago #

    Ahh ok well thanks for the answer... Just started my first site using WP and wasn't sure.

    I'll have a look through the limited plugins/themes I'm using now to make sure they're not using Timthumb but I'm pretty sure I'm not.

    Thanks again!

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    Any themes uploaded to, or updated on, http://wordpress.org/extend/themes/ within the past 12 months should be fine.

  5. wycks
    Member
    Posted 2 years ago #

    @esmi This exploit has nothing at all to do with timthumb, did you even bother to read it?

    It is in wp-comments-post.php using something like value="-1337' UNION SELECT (0,@@VERSION)--" id='comment_post_ID'

  6. BoredEnoughToPost
    Member
    Posted 2 years ago #

    Line 20 of wp-comments-post.php of version 3.2.1 is
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;

    <?php
    $var = "-1337' UNION SELECT (0,@@VERSION)--";
    echo $var;
    echo "<br/>";
    $var = (int) $var;
    echo $var;
    ?>

    Produces:

    -1337' UNION SELECT (0,@@VERSION)--
    -1337

    When casting a String to an Int in PHP it will only cast the string up until it finds an invalid character.

    So all in all, this should have zero effect on the latest version.
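
Added example, not part of the original thread and not WordPress core code: the cast from the post above applied to a constructed query, beside the uncast form and a stricter validator that rejects a malformed ID instead of truncating it. The table name, function names and sample inputs are assumptions made for illustration.

```php
<?php
// Illustration only: constructed table/column names, not WordPress's schema handling.

// Payload string quoted earlier in this thread.
$payload = "-1337' UNION SELECT (0,@@VERSION)--";

// "Before" form: the raw request value is concatenated into the SQL text,
// so the quote in the payload ends the literal and the rest becomes SQL.
function query_uncast(string $raw): string {
    return "SELECT comment_status FROM posts WHERE ID = '$raw'";
}

// Same handling as the quoted line of wp-comments-post.php: cast first,
// then only the resulting integer can reach the query text.
function query_cast(string $raw): string {
    $id = (int) $raw;
    return "SELECT comment_status FROM posts WHERE ID = $id";
}

// Stricter variant (an assumption, not the project's code): accept only a
// well-formed positive integer and return null for everything else, so a
// tampered field is rejected and can be logged rather than silently truncated.
function strict_post_id(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs: the payload, a normal ID, a partly numeric
// string, and an empty field.
foreach ([$payload, '42', '42abc', ''] as $raw) {
    printf(
        "%-42s cast=%-6d strict=%s\n",
        var_export($raw, true),
        (int) $raw,
        var_export(strict_post_id($raw), true)
    );
}

echo query_uncast($payload), "\n"; // payload text survives into the SQL
echo query_cast($payload), "\n";   // only the leading integer survives
```

The cast is enough to keep the payload out of the query, but it also turns inputs such as `42abc` into a valid-looking ID; the strict variant makes that case visible to the caller.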

  7. wycks
    Member
    Posted 2 years ago #

    And 3.0.4 of wp-comments-post.php, since the code is the same, I believe this was changed in 2.8, so in essence this is bunk.

  8. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    FWIW, this particular vulnerability on comment_post_ID was patched 8 years ago. A bit earlier than version 3.0.4. ;)

    http://core.trac.wordpress.org/changeset/407/trunk/b2comments.post.php

    In other words, this is crap.

Topic Closed

This topic has been closed to new replies.