[wp-hackers] Exploit, or no?
Ryan Boren
ryan at boren.nu
Wed Jun 29 00:24:22 GMT 2005
On Tue, 2005-06-28 at 22:52 +0000, Ryan Boren wrote:
> > And to Ryan/Matt, if you would like another set of eyes to review code
> > for that exploit, I'll be available today and tomorrow.
>
> We went ahead and commited for 1.5 and 1.6. Please review and test.
>
> http://trac.wordpress.org/changeset/2667
>
> The problem is with XMLRPC args not being escaped because they come in
> through raw post data, thus avoiding magic quoting.
>
> If you want to try it out, you can svn update from the 1.5 branch or
> download the two updated files. Just drop them on top of 1.5.1.2.
>
> http://trac.wordpress.org/file/branches/1.5/xmlrpc.php?rev=2667&format=txt
> http://trac.wordpress.org/file/branches/1.5/wp-includes/functions-post.php?rev=2667&format=txt
When I backported this from 1.6 I left some 1.6-isms in. Use this new
version of xmlrpc.php.
http://trac.wordpress.org/changeset/2670
http://trac.wordpress.org/changeset/2670
Please test the hell out of XMLRPC. Post, edit, etc. from your favorite
client and make sure I didn't break anything. Test some incoming pings
too.
Ryan
More information about the wp-hackers
mailing list