[wp-hackers] Security

Thomas Scholz info at toscho.de
Sun Sep 6 15:48:24 UTC 2009


scribu:

> It seems obvious why you wouldn't get critical details for an unfixed
> vulnerability like this.

This bug was fixed in v2.8.3, and the new code of this version gives all  
the details anyone wants to know. Nothing to hide anymore.

> If there was a security patch available, you would get that, instead of
> "Upgrade now".

The main problem was: Registered users without any privileges could just  
add double slashes (//) into a URL to get some admin privileges (install  
plugins, mess up the database etc.).


So you have to forbid double slashes in all URLs. The .htaccess way would  
be:

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /(([^/\ ]+/)*)/+([^\ ]*)
RewriteRule ^ /%1%3 [L,R=301]

But if you have neither Apache nor mod_rewrite, you may use a little  
plugin I wrote:
http://f.toscho.de/SingleSlash.zip

I described the problem en detail (and in German) here:
http://toscho.de/2009/wordpress-2-8-3-das-doppelslash-problem/

Be aware! This fixes really just the double slashes. I can’t and won’t  
guarantee that you’re secure with it. Make the upgrades nevertheless.

Thomas

-- 
Redaktion, Druck- und Webdesign
http://toscho.de · 0160/1764727
Twitter: @toscho
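
Added example (not part of the message above, nor the author's plugin): a Python model of the RewriteCond pattern from the message, run over constructed request targets to show where each request would be redirected and that a path with several separate slash runs takes one 301 per run. It assumes Python's `re` matches this pattern the way Apache's PCRE does, and it models only the match and the `/%1%3` expansion, not Apache's URL escaping.

```python
import re

# The RewriteCond pattern from the message, matched against the request line.
# Assumption: Python's re behaves like Apache's PCRE for this pattern.
RULE = re.compile(r"^[A-Z]+\ /(([^/\ ]+/)*)/+([^\ ]*)")


def rewrite_once(request_line):
    """Return the substitution /%1%3, or None if the condition does not match."""
    m = RULE.match(request_line)
    if m is None:
        return None
    return "/" + m.group(1) + m.group(3)


def redirect_chain(target, method="GET", limit=10):
    """Follow the 301s a client would receive until the rule stops matching."""
    chain = []
    for _ in range(limit):
        nxt = rewrite_once(f"{method} {target} HTTP/1.1")
        if nxt is None:
            break
        chain.append(nxt)
        target = nxt
    return chain


# Constructed sample request targets (not taken from any real log).
SAMPLES = [
    "/wp-admin/plugins.php",
    "//wp-admin/plugins.php",
    "/wp-admin///plugins.php",
    "/a//b//c",
    "/index.php?next=http://example.test/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {redirect_chain(s)}")
```

The last sample shows that the pattern is applied to the whole request line, so a `//` inside a query string value is collapsed as well.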