WordPress.org

Ready to get started?Download WordPress

Forums

(security issue) WordPress PHP Code Injection Vulnerability (10 posts)

  1. clsung
    Member
    Posted 8 years ago #

    Have anyone observe this problem?

    "WordPress PHP Code Injection Vulnerability"
    http://secunia.com/advisories/20271/
    http://www.securityfocus.com/archive/1/435039/30/0/threaded

  2. Lester Chan
    Member
    Posted 8 years ago #

    it has been posted before

  3. whooami
    Member
    Posted 8 years ago #

    Yes, it's been brought to the attn of the devs, and mentioned on the forums 2x today already.

    Dare I reply lest this thread is removed also.

  4. This vulnerability will not affect your blog unless the following three criteria are met:

    1. You have enabled the caching of db info to disk which is disabled by default in 2.0.2
    2. You have a simple /null database password. This is needed to make the filename of the cache file guessable and the exploit easy to achieve
    3. You have user registration enabled

    Basically for a default 2.0.2 install you are completely safe if you don't have the cache enabled or user registration is disabled and you are still pretty safe with them enabled unless your db password is easy to guess.

  5. Mark (podz)
    Support Maven
    Posted 8 years ago #

    "Dare I reply lest this thread is removed also."

    'Security' threads are not usually removed but some people do get overexcited and we'll start having the "OMG!!11111!!!!! My BloG wiLL bE HacKed!!!!" gang descending in droves, slagging the program off, saying WP takes nothing seriously etc etc etc. That does nothing except give a platform to people who know little but can scare more, and worry those who have no need. It gets really tedious.
    The decision to close the thread / respond was taken on the forum list - no coders had any input before that.
    Hasty? Possibly, but from experience it turns into firefighting and those threads never ever have a "WP is doing something? Cool, we are all reassured". If that happened, great. But it doesn't.

    Like Westi has said, this takes a set of circumstances rather than a simple action.

    I'll add that people should take note of (2) above:
    "You have a simple /null database password."
    Regardless of ANY exploit the weakest link in your wp install is your password. Make it better.

    http://keepass.sourceforge.net/

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 8 years ago #

    1. You have enabled the caching of db info to disk which is disabled by default in 2.0.2

    Actually, I believe that is enabled by default. At least, my site has the cache, and I never explicitly turned it on.

    2. You have a simple /null database password. This is needed to make the filename of the cache file guessable and the exploit easy to achieve
    3. You have user registration enabled

    Both true.

  7. Mark (podz)
    Support Maven
    Posted 8 years ago #

    If your wp-content is writable, then cache is ON by default in 2.0.2

    If your wp-content is NOT writable, then cache is not written but you see no error.

    It is therefore ON.

    as I wrote here:
    http://wordpress.org/support/topic/73817?replies=9

    Either way, the right people know.

  8. spencerp
    Member
    Posted 8 years ago #

    I don't usually worry too much about "security issues", because I'm quite sure the "top notches" know of it and things will be dealt with accordingly. =)

    I just noticed earlier about 2.0.3 Beta being ready for download and ready for "testing" on the list..so I'm grabbing a copy of that. I'm not sure if those "security issues" were handled in that or not, but I'm just downloading it anyways lol!

    spencerp

    EDITED* I meant, I noticed that the "version" was changed to 2.0.3-beta, so I figured I'd grab it.
    $wp_version = '2.0.3-beta';
    $wp_db_version = 3796;

  9. v2.0.3 is now released with the fix for this included.

    See: http://wordpress.org/development/2006/06/wordpress-203/

  10. clsung
    Member
    Posted 8 years ago #

    That's great, Good work!

Topic Closed

This topic has been closed to new replies.

About this Topic