Security issues with xmprpc.php (2 posts)

  1. fmouse
    Posted 10 years ago #

    My system here was recently hacked via a rather nasty exploit in xmlrpc (see http://phpxmlrpc.sourceforge.net/). The target file for the exploit was xmlrpc.php, probably part of Drupal. I note that WordPress uses a file by this name, apparently customized for or written for WordPress. Does this file contain code from xmlrpc.inc or xmlrpcs.inc from the phpxmlrpc project, and has it been vetted for and possibly modified to prevent exploits as described at the phpxmlrpc Sourceforge website (and at numerous other places on the Internet)?

  2. ionic
    Posted 10 years ago #

    WordPress >= 1.5 uses a different XMLRPC library and is therefore not vulnerable to those exploits.

Topic Closed

This topic has been closed to new replies.

About this Topic