|
2005-08-14, 07:55 PM | #1 |
WHO IS FONZY!?! Don't they teach you anything at school?
Join Date: Jul 2005
Posts: 40
|
WordPress Exploit if anyone runs blogs
This is a HUGE exploit in wordpress!
Vulnerable Systems:
* WordPress version 1.5.1.3 and prior (with register_globals)
Immune Systems:
* WordPress version 1.5.1.4 or newer
[Code Removed]
Check your hosting company if they patched this! |
2005-08-14, 07:57 PM | #2 |
Certified Nice Person
|
In English, please?
__________________
Click here to purchase a bridge I'm selling. |
2005-08-14, 10:08 PM | #3 |
WHO IS FONZY!?! Don't they teach you anything at school?
Join Date: Jul 2005
Posts: 40
|
Mommy doesn't hold your hand all the time, does she? Research it! You have to make sure you turn this off: create a php.ini and put it in your root directory. That's the code for the exploit to look for that has the issues!
php_flag register_globals off
http://wordpress.org/development/200...ordpress-1513/ |
2005-08-14, 10:24 PM | #4 |
WHO IS FONZY!?! Don't they teach you anything at school?
Join Date: Feb 2005
Posts: 43
|
How nice of you to post the code so now any idiot searching for it can find it here and play with the blogs.
|
2005-08-14, 11:45 PM | #5 |
WHO IS FONZY!?! Don't they teach you anything at school?
Join Date: Jul 2005
Posts: 40
|
Actually the code is plastered over the internet everywhere! And I didn't mean to post to show how to do it. To show what to look for to fix it. Sorry if it upset anyone.
Regards, |
2005-08-14, 11:47 PM | #6 | |
Certified Nice Person
|
Quote:
__________________
Click here to purchase a bridge I'm selling. |
|
2005-08-15, 12:42 AM | #7 | |
Heh Heh Heh! Lisa! Vampires are make believe, just like elves and gremlins and eskimos!
|
Quote:
There is crime all over the world, do you help promote that as well? It doesn't matter if it's posted all over.. you just gave it another home on the net. It's called having ethics.. |
|
2005-08-15, 12:53 AM | #8 |
WHO IS FONZY!?! Don't they teach you anything at school?
Join Date: Jul 2005
Posts: 40
|
And to note, I didn't post the code to leave another place for people to look for it. I posted it as to what you need to look for to rectify the issue. By no means was I trying to bring harm or trying to be rude. I apologize for posting the exploit, then; next time there is one I won't post nothing!
Easy there buddy, no need to get all sweaty! Geez, and it's not called being useless, I NOTIFIED about the ISSUE. It's not even a fix you can do. You have to make sure your hosting company has it turned off or they have root access to the whole server. And a little footnote: I'd love to see you call me cocksucker to my face. That shit you don't even need to say; leave those comments to the peanut gallery!
Last edited by bootybanditinc; 2005-08-15 at 12:56 AM.. Reason: spelling |
2005-08-15, 12:59 AM | #9 | |
Certified Nice Person
|
Quote:
__________________
Click here to purchase a bridge I'm selling. |
|
2005-08-15, 02:17 AM | #10 |
I like to blog :)
Join Date: Sep 2003
Posts: 1,050
|
I doubt you'd want useless in your face.
His moustache smells! |
2005-08-15, 12:17 PM | #11 |
Stupid risks make life worth living
|
How can you tell what version of WordPress you have?
__________________
THIS IS MY SIG - CLICK IT. |
2005-08-15, 01:28 PM | #12 |
I like to blog :)
Join Date: Sep 2003
Posts: 1,050
|
Jenc,
I haven't a clue myself. I went ahead and installed the new update though; it's fairly fast and easy.
* Delete WP-Admin
* Delete WP-Includes
* Delete any root directory files beginning with WP-*, BUT DO NOT DELETE the one that tells the script where your info is.
* Leave WP-CONTENT and wp-images alone.
* Once those are deleted, upload the new files.
Simple as pie. Did it to 4 blogs last night in a matter of 15 minutes. |
2005-08-15, 01:59 PM | #13 |
Stupid risks make life worth living
|
Well I went to that link above and tried to download the new 1.5.1.3 but I couldn't help but notice that the download still said 1.5.1.2. Has version 3 even been released yet?
__________________
THIS IS MY SIG - CLICK IT. |
2005-08-15, 02:29 PM | #14 |
Just because I don't care doesn't mean I don't understand!
Join Date: May 2005
Posts: 96
|
I've just fixed the .htaccess for now, should be good enough.
|
2005-08-15, 03:21 PM | #15 |
I like to blog :)
Join Date: Sep 2003
Posts: 1,050
|
Jen, when I downloaded, it said 1.5.2, not 1.5.1.2.
Checking now and... still does. If you're downloading here: http://wordpress.org/download/ that's 1.5.2 |
2005-08-15, 03:55 PM | #16 | |
Stupid risks make life worth living
|
Quote:
__________________
THIS IS MY SIG - CLICK IT. |
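An added example, not posted by anyone in this thread: a small check for the two conditions named in the first post (WordPress 1.5.1.3 or older, and register_globals not turned off). It assumes the installed version is recorded as `$wp_version` in `wp-includes/version.php` and that any local override sits in a `.htaccess` or `php.ini` in the blog root; the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

LAST_VULNERABLE = (1, 5, 1, 3)  # from the first post: 1.5.1.3 and prior

def read_wp_version(root):
    """Return $wp_version from wp-includes/version.php, or None if absent."""
    path = Path(root) / "wp-includes" / "version.php"
    if not path.is_file():
        return None
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]",
                  path.read_text(errors="replace"))
    return m.group(1) if m else None

def is_vulnerable_version(version):
    """True when the leading numeric part of version is <= 1.5.1.3."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return True  # unparseable: treat as unpatched until checked by hand
    return tuple(int(p) for p in m.group(0).split(".")) <= LAST_VULNERABLE

def register_globals_setting(root):
    """Return 'on', 'off' or None (no local override; host default applies)."""
    # .htaccess uses Apache/mod_php syntax; php.ini uses key = value syntax.
    patterns = {
        ".htaccess": r"^\s*php_flag\s+register_globals\s+(on|off|1|0)\b",
        "php.ini": r"^\s*register_globals\s*=\s*(on|off|1|0)\b",
    }
    seen = set()
    for name, pattern in patterns.items():
        path = Path(root) / name
        if path.is_file():
            text = path.read_text(errors="replace")
            for m in re.finditer(pattern, text, re.I | re.M):
                seen.add("on" if m.group(1).lower() in ("on", "1") else "off")
    # Conservative: any uncommented "on" line wins over an "off" line.
    return "on" if "on" in seen else ("off" if seen else None)

def audit(root):
    version = read_wp_version(root)
    setting = register_globals_setting(root)
    # Unknown version is treated as unpatched; an unset flag counts as
    # exposed because the host-wide default cannot be seen from here.
    old = version is None or is_vulnerable_version(version)
    return {"version": version, "register_globals": setting,
            "needs_action": old and setting != "off"}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample install
        (Path(d) / "wp-includes").mkdir()
        (Path(d) / "wp-includes" / "version.php").write_text(
            "<?php\n$wp_version = '1.5.1.2';\n?>")
        print(audit(d))
```

A result of `needs_action: False` because of a local `off` line only reflects what the files say; whether the host honours that file still has to be confirmed with the hosting company, as the thread notes.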
|
|
|