This is CVE-2007-6013 since 19th Nov including WordPress ticket #5367: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6013
- Juha-Matti

"Steven J. Murdoch" <[EMAIL PROTECTED]> wrote:
>
>On Tue, Nov 20, 2007 at 07:08:36PM +0100, Stefan Esser wrote:
>Could you elaborate why you consider this news? Most public SQL
>injection exploits for Wordpress use this cookie trick.
>
>I couldn't find it on the Wordpress bug tracker and when I mentioned
>it to the Wordpress security address, they did not mention having
>heard of it before. I also couldn't find a detailed explanation of the
>problem online, nor in the usual vulnerability databases. Blog
>administrators, like me, therefore risk sites being compromised
>because they didn't realize the problem.
>
>It seemed intuitive to me that restoring the database to a known good
>state would be adequate to recover from a Wordpress compromise
>(excluding guessable passwords). This is the case with the UNIX
>password database and any similarly implemented system. Because of the
>vulnerability I mentioned, this is not the case for Wordpress.
>
>So I also thought it important to describe the workarounds, and fixes.
>If these were obvious, Wordpress would have already applied them. Some
>commenters did not think that the current password scheme needs to be,
>or can be improved, despite techniques to do so being industry
>standard for decades. Clearly this misconception needs to be
>corrected.
>
>I did mention that this was being exploited, so obviously some people
>already know about the problem, but not the right ones. Before I sent
>the disclosure, there was no effort being put into fixing the problem.
>Now there is. Hopefully blog administrators will also apply the
>work-arounds in the meantime.
>
>Steven.
>
>--
>w: http://www.cl.cam.ac.uk/users/sjm217/
