Big Bad Security Problems with Wordpress - Take Note!

Many issues can be found here LINK

I absolutely love Wordpress as a CMS, a web publishing platform as well as a great blog application. Over the last year I have made a good living helping people get found by Google, Yahoo and MSN using Wordpress and original content to get found in the NSO (Natural Search Space).

That being said, I have recently had to clean out this site (Tarky7.com), as well as several others I own and manage, from the ravages of an SQL/JavaScript exploit that has caused these sites (including this one) to be blacklisted by Google as security risks.

This site has been fixed, as well as the others, but I am putting this and the previous three posts out there to warn people of some of the brutal and dangerous security issues surrounding the Wordpress publishing platform.

Tarky7

WordPress Download Monitor Plugin “id” SQL Injection Vulnerability

Secunia Advisory: SA29876
Release Date: 2008-04-28
Last Update: 2008-05-02

Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: WordPress Download Monitor Plugin 2.x

CVE reference: CVE-2008-2034 (Secunia mirror)


Description:
Dino Covotsos and Charlton Smith have discovered a vulnerability in the Download Monitor Plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the “id” parameter in wp-download_monitor/download.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.0.6. Other versions may also be affected.

Solution:
Update to version 2.0.8.

Provided and/or discovered by:
Dino Covotsos and Charlton Smith of Telspace Systems Research Team

Changelog:
2008-05-02: Added CVE reference.

WordPress Parameter Directory Traversal Vulnerability

April 18th, 2008

WordPress is prone to a ‘cat’ directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. This input validation error was originally reported by Sandor Attila Gerendi; exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.

An attacker can exploit this issue with a browser. The following example URL demonstrates the error:

http://www.yourblog.com/?cat=1.php/../searchform?

WordPress 2.3.3 is vulnerable; other versions may also be affected. WordPress Trac has committed fixes to the application’s repository; more information can be found here. The fix sanitizes the “cat” query var and casts it to int before looking for a category template.
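Both advisories above come down to the same defect: a request parameter that should only ever be a number reaches SQL text (the Download Monitor “id”) or a file path (the “cat” query var) without being validated. The following is an added illustration, not the plugin’s or WordPress’s own code; it uses a constructed in-memory SQLite table so it runs offline under the php CLI, and shows the unsafe concatenation pattern beside the hardened form (integer validation plus a bound parameter, which inside WordPress corresponds to `$wpdb->prepare()` with a `%d` placeholder).

```php
<?php
// Added example (not the plugin's or WordPress's own code). Constructed
// in-memory table standing in for the plugin's download records.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE downloads (id INTEGER PRIMARY KEY, title TEXT, filename TEXT)');
$db->exec("INSERT INTO downloads VALUES (1, 'Manual', 'manual.pdf'), (2, 'Private', 'private.pdf')");

// Unsafe pattern the advisory describes: the request value is spliced straight
// into the SQL text, so anything that is not a bare integer changes the query's
// structure instead of being compared as a value.
function lookup_unsafe(PDO $db, string $id): array {
    $rows = $db->query("SELECT filename FROM downloads WHERE id = $id");
    return $rows->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form, same idea as the 'cat' fix (sanitize, cast to int):
//   1. accept only a string of decimal digits, so '', '-1', '1 OR 1=1' and
//      '1.php/../searchform' are all rejected before any query or path is built;
//   2. bind the integer to a prepared statement, so the database driver treats
//      it strictly as data.
function lookup_safe(PDO $db, string $id): array {
    if (!ctype_digit($id)) {
        return [];                       // reject, optionally log the malformed value
    }
    $stmt = $db->prepare('SELECT filename FROM downloads WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a legitimate request and a textbook malformed one.
foreach (['1', '1 OR 1=1'] as $in) {
    printf("%-12s unsafe=%s safe=%s\n",
        var_export($in, true),
        json_encode(lookup_unsafe($db, $in)),
        json_encode(lookup_safe($db, $in)));
}
```

The malformed input makes the unsafe query return every row, while the hardened lookup returns nothing for it and behaves identically to the unsafe one for the legitimate request.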

April 30th, 2008
WordPress Cookie Integrity Protection Allows Unauthorized Access

WordPress is prone to a vulnerability that allows an attacker to gain unauthorized access. An attacker who is able to register a specially crafted username on a Wordpress installation is able to generate authentication cookies for other chosen accounts, including the admin account. If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.
http://cyberinsecure.com/wordpress-cookie-integrity-protection-allows-unauthorized-accessg/

An attacker wishing to exploit this vulnerability would create an unprivileged account with its username starting with “admin”. The cookie returned on logging into this account can then be manipulated so as to be valid for the administrator account.

Successfully exploiting this issue will compromise the affected application. Attackers can use a browser to exploit this issue.

Versions prior to WordPress 2.5.1 are vulnerable.

Solutions:

1. Upgrade to Wordpress 2.5.1

2. De-select “Anyone can register” in the Membership section of “General Settings” to disable new account creation.

LINK