
  • alex 9:18 am on August 24, 2007 Permalink | Reply
    Tags: exploits, sell exploits

    Selling exploits

    Today I received a mail from a guy who wants to buy some exploits for WordPress.

    Hi. I have seen exploits for wordpress at milw0rm uploaded by you. If you have this kind of scripts for newer versions of wordpress i can buy them.

    I responded:

    Actually I only have one remote exploit for WordPress <= 2.2.2, it lets you retrieve user credentials from affected blogs. How much do you offer?

    Actually, I’m not interested in selling exploits because they can be used to compromise many vulnerable blogs — two years ago my Spanish blog was defaced in the same fashion — but I wonder how much WordPress exploits cost.

    Let’s see what he’ll respond :)

     
  • alex 11:08 pm on August 6, 2007 Permalink | Reply
    Tags: humor, manager, programmers

    How to drive your manager crazy in three easy steps…

    Original image: CodeComics

     
  • alex 10:09 am on August 6, 2007 Permalink | Reply
    Tags: automattic, sql injection, stats, wordpress.com, xmlrpc

    SQL Injection in WordPress.com Stats plugin

    Overview

    WordPress.com Stats is a plugin developed by Automattic; it lets self-hosted WordPress bloggers use the same traffic metrics system Automattic provides to WordPress.com users. It tracks post and page views, referrers, search terms, and clicks on external links.

    While testing this plugin I found a critical SQL Injection vulnerability that may allow an attacker to retrieve credentials from any user of a WordPress blog — the attacker only needs to know a valid user ID.

    WordPress.com Stats 1.1 and previous versions are affected.

    Technical Details

    The WordPress.com Stats plugin registers two new methods (wpStats.get_posts and wpStats.get_blog) on the WordPress XMLRPC server. The vulnerable method is wpStats.get_posts, which internally maps to stats_get_posts.

    php:
    function stats_get_posts( $args ) {
        // Vulnerable version: $post_ids comes straight from the XMLRPC request.
        list( $post_ids ) = $args;

        // The IDs are joined into a query string with no validation, so an ID
        // containing '&' smuggles extra parameters into get_posts().
        $r = 'include=' . join(',', $post_ids);
        $posts = get_posts( $r );
        $_posts = array();

        foreach ( $post_ids as $post_id )
            $_posts[$post_id] = stats_get_post($post_id);

        return $_posts;
    }

    Due to the lack of validation in stats_get_posts, an attacker can prepare a special XMLRPC request that passes arbitrary parameters and values to the get_posts method — this is possible because get_posts accepts a query string as its parameter.

    get_posts accepts the following variables (defined in $defaults array).

    php:
    function get_posts($args) {
        global $wpdb;

        // Every key in $defaults can be overridden by the caller's query string.
        $defaults = array(
            'numberposts' => 5, 'offset' => 0,
            'category' => 0, 'orderby' => 'post_date',
            'order' => 'DESC', 'include' => '',
            'exclude' => '', 'meta_key' => '',
            'meta_value' =>'', 'post_type' => 'post',
            'post_status' => 'publish', 'post_parent' => 0
        );
        $r = wp_parse_args( $args, $defaults );
        extract( $r, EXTR_SKIP );

        ...
    }

    An attacker can prepare a special XMLRPC call to exploit the vulnerability:

    code:
    &meta_key=%27) SQL INJECTION HERE/*&meta_value=1
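    To make the mechanism concrete, here is an added simulation (not WordPress or plugin code) of how stats_get_posts turns attacker-controlled post IDs into get_posts parameters. It reproduces the 'include=' join and the wp_parse_args overlay on the $defaults array shown above, then compares the vulnerable path with the intval cast from the patch in the Solution section; wp_parse_args and intval are approximated with Python's parse_qs and a regex.

```python
import re
from urllib.parse import parse_qs

# Keys get_posts() accepts, taken from the $defaults array quoted above.
GET_POSTS_DEFAULTS = {
    'numberposts': '5', 'offset': '0', 'category': '0', 'orderby': 'post_date',
    'order': 'DESC', 'include': '', 'exclude': '', 'meta_key': '', 'meta_value': '',
    'post_type': 'post', 'post_status': 'publish', 'post_parent': '0',
}


def wp_parse_args(query):
    """Approximation of wp_parse_args(): parse the query string, overlay on defaults."""
    parsed = {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}
    return {**GET_POSTS_DEFAULTS, **parsed}


def php_intval(value):
    """Approximation of PHP intval() on a string: leading integer prefix, else 0."""
    m = re.match(r'\s*([+-]?\d+)', str(value))
    return int(m.group(1)) if m else 0


def stats_get_posts_args(post_ids, patched):
    """Build the argument string the way stats_get_posts() does and parse it.

    patched=False reproduces the vulnerable plugin; patched=True applies the
    array_map('intval', ...) step from the fix before the join.
    """
    if patched:
        post_ids = [php_intval(p) for p in post_ids]
    r = 'include=' + ','.join(str(p) for p in post_ids)
    return wp_parse_args(r)


def injected_keys(args):
    """Detection helper: get_posts() parameters set by the caller other than include."""
    return sorted(k for k, v in args.items()
                  if k != 'include' and v != GET_POSTS_DEFAULTS.get(k))


# Constructed request: a single "post id" carrying the query-string fragment from the post above.
MALICIOUS_IDS = ['1&meta_key=%27) SQL INJECTION HERE/*&meta_value=1']

if __name__ == '__main__':
    before = stats_get_posts_args(MALICIOUS_IDS, patched=False)
    after = stats_get_posts_args(MALICIOUS_IDS, patched=True)
    print('vulnerable:', before['include'], injected_keys(before), repr(before['meta_key']))
    print('patched:   ', after['include'], injected_keys(after))
```

Before the cast, the injected meta_key and meta_value survive into the parsed arguments; after it, only include=1 remains, and non-numeric IDs collapse to 0.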

    Solution

    Upgrade to the latest version or apply the following patch to avoid SQL Injection attacks on WordPress.com Stats plugin.

    diff:
    Index: stats.php
    ===================================================================
    --- stats.php   (revision 15884)
    +++ stats.php   (working copy)
    @@ -233,6 +233,7 @@
    function stats_get_posts( $args ) {
    list( $post_ids ) = $args;

    +       $post_ids = array_map( 'intval', (array) $post_ids );
    $r = 'include=' . join(',', $post_ids);
    $posts = get_posts( $r );
    $_posts = array();
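    Review bot: the added `$post_ids = array_map( 'intval', (array) $post_ids );` is what closes the hole, since every element is reduced to an integer before the `'include=' . join(',', $post_ids)` line builds the query string, so an id such as `1&meta_key=...` can no longer add parameters to get_posts(). Two follow-ups on this hunk: intval() maps any non-numeric id to 0, so the later `foreach ( $post_ids as $post_id )` still calls stats_get_post(0) for junk input; dropping non-positive ids after the cast would avoid that lookup. Also the hunk header announces seven lines in the new version but the page shows the hunk cut off after `$_posts = array();`, so the remaining context should be checked against the actual revision before applying the patch by hand.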
     
     
    • Cash Advance 12:41 pm on September 19, 2007 Permalink

      Superb write up talking about Alex Concha. I love your posts.

  • alex 11:05 pm on August 1, 2007 Permalink | Reply
    Tags: fall in love, human brain

    The Human Brain

    The human brain is the most awesome instrument in the world: it works 24 hours a day, 365 days a year, from the moment you are born until you fall in love.

    I lost the quote’s source (it was originally written in Spanish).

     
    • Suman 1:14 pm on March 23, 2010 Permalink

      Hi,

      Thanks for your itextsharp.dll .

      Will it work for large documents consisting of more than 1000 pages? And can you please explain to me the internal logic of how it merges the PDF documents?

      Please give me reply on this asap.

      Thanks in advance.
