
  • alex 3:54 pm on September 12, 2009
    Tags: file upload, graffiti cms

    Graffiti CMS Arbitrary File Upload Vulnerability 

    It seems the FCKeditor’s bug is the same one I discovered in Graffiti CMS. If anyone is interested, the details are published on milw0rm.

     
  • alex 3:45 pm on September 12, 2009

    I’m back 

    It seems that it is time to start blogging again. :)

     
  • alex 11:22 am on October 27, 2007
    Tags: John McCarthy, Lisp, programming   

    Programming: You’re Doing it Completely Wrong 

    [Image: Programming: You're Doing It Completely Wrong]

     
    • James 11:39 pm on September 17, 2008

      Hi, I found your blog on this new directory of WordPress Blogs at blackhatbootcamp.com/listofwordpressblogs. I don't know how your blog came up, must have been a typo, I dunno. Anyways, I just clicked it and here I am. Your blog looks good. Have a nice day. James.

    • mad 7:10 pm on October 14, 2008

      Superb motivator! Do you have it at a higher resolution? I'd like to print it ^_^

  • alex 9:28 am on September 25, 2007
    Tags: backup, backup plugin, BlogSecurity, plugin

    Insecure Way to Upgrade to WordPress 2.3 

    As you may already know, WordPress 2.3 was released yesterday and many folks around the world are sharing their upgrade experiences. The one that caught my attention was the “5 Step Failsafe upgrade for WordPress” published at BlogSecurity.

    No offense intended, but I wonder why a blog dedicated to security recommends an insecure backup plugin that can allow anyone to download database backups or any file from the file system.

    If you are planning to upgrade your WordPress blog, do the steps manually, because many backup plugins are very insecure. If you still want to use one of them, deactivate it once the upgrade process is completed.

     
    • David Kierznowski 10:43 am on September 25, 2007

      Alex, why am I not surprised you have another vulnerability to share :)
      Is the vul public?

    • alex 11:32 am on September 25, 2007

      David, it is not public yet; however, I do not plan to write any advisory. :)

    • David Kierznowski 1:08 pm on September 25, 2007

      I hope you keep us in the loop champ! I think BlogSec may even sponsor this plugin, it may have some bugs, but it's an absolutely awesome project!

    • Roland Rust 12:32 am on September 26, 2007

      Alex, BackUpWordPress is a beta release, I haven’t had too much support from experienced WordPress users until now. Please tell me more about the vulnerabilities you find in the plugin. Thanks a lot in advance!

    • Roland Rust 2:48 am on September 26, 2007

      Alex, a bug-fix release of BackUpWordPress was released this moment. The plugin’s backup repository is now secured by .htaccess. I also have added capabilities to the Plugin, to allow the blog admin to download backup archives.
      Thanks a lot for pointing out security issues in BackUpWordPress!

    • alex 10:30 am on September 26, 2007

      Well done, Roland! I didn’t answer before because I was sleeping :)

    • Roland Rust 3:55 pm on September 26, 2007

      Alex, I’m happy to see some WordPress core developers having a look at my plugins. I have set up a forum (http://wpforum.designpraxis.at/) for support, bug reports, troubleshooting etc., if you happen to run into more security issues with my stuff, please let me know!
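
A local check for the situation this post and its comments describe (backup archives sitting under the web root, and a backup repository protected by .htaccess), as an added example that is not code from this blog or from BackUpWordPress. It walks a web root on disk and lists backup-like files that no deny-all .htaccess covers; the suffix list, directive patterns, function names and sample layout are assumptions, and the result only means something on Apache with AllowOverride enabled.

```python
import os
import re
import tempfile

# Assumed backup-like suffixes; adjust to what your backup plugin writes.
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".zip", ".tar.gz", ".tgz", ".bak")
# Deny-all directives for Apache 2.2 and 2.4; commented-out lines do not match.
DENY_RE = re.compile(r"^[ \t]*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                     re.IGNORECASE | re.MULTILINE)
SAMPLE_TREE = {  # constructed sample layout: relative path -> file content
    "dump.sql": "",
    "wp-content/backup-open/db-2007-09-25.sql.gz": "",
    "wp-content/backup-safe/.htaccess": "# added by admin\nDeny from all\n",
    "wp-content/backup-safe/old/site.zip": "",
    "wp-content/themes/style.css": "",
}

def htaccess_denies(directory):
    """True if directory/.htaccess has a deny-all line (<Files> scoping ignored)."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:
        return False

def exposed_backups(web_root):
    """Backup-like files under web_root not covered by a deny-all .htaccess."""
    exposed = []
    for current, dirs, files in os.walk(web_root):
        if htaccess_denies(current):
            dirs[:] = []  # Apache applies the rule to every subdirectory too
            continue
        for name in files:
            if name.lower().endswith(BACKUP_SUFFIXES):
                rel = os.path.relpath(os.path.join(current, name), web_root)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_tree(root, layout):
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_tree(tmp, SAMPLE_TREE)
        print(exposed_backups(tmp))
```

A file reported here is only a candidate: confirm with a request from outside, since server-level configuration can also block or allow the path.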

  • alex 7:45 am on September 20, 2007
    Tags: supportsKeywords, tags, Windows Live Writer, wlwmanifest.xml, WordPress 2.3   

    Enable tag support on Windows Live Writer and WordPress 2.3 

    Update: Joseph Scott has made a better manifest file.

    As you may already know, WordPress 2.3 will have built-in tag support and to enable tags on Windows Live Writer you have to upload a manifest file to your blog’s root.

    xml:

    <manifest xmlns="http://schemas.microsoft.com/wlw/manifest/weblog">
      <options>
        <!-- supportsKeywords is the option that enables tags in Windows Live Writer -->
        <supportsKeywords>Yes</supportsKeywords>
        <supportsFileUpload>Yes</supportsFileUpload>
        <supportsExtendedEntries>Yes</supportsExtendedEntries>
        <supportsCustomDate>Yes</supportsCustomDate>
        <supportsCategories>Yes</supportsCategories>
        <supportsCategoriesInline>Yes</supportsCategoriesInline>
        <supportsMultipleCategories>Yes</supportsMultipleCategories>
        <supportsHierarchicalCategories>Yes</supportsHierarchicalCategories>
        <supportsNewCategories>Yes</supportsNewCategories>
        <supportsNewCategoriesInline>Yes</supportsNewCategoriesInline>
        <supportsCommentPolicy>Yes</supportsCommentPolicy>
        <supportsPingPolicy>Yes</supportsPingPolicy>
        <supportsAuthor>Yes</supportsAuthor>
        <supportsSlug>Yes</supportsSlug>
        <supportsPassword>Yes</supportsPassword>
        <supportsExcerpt>Yes</supportsExcerpt>
        <supportsTrackbacks>Yes</supportsTrackbacks>
        <supportsPages>Yes</supportsPages>
        <supportsPageParent>Yes</supportsPageParent>
        <supportsPageOrder>Yes</supportsPageOrder>
        <requiresXHTML>True</requiresXHTML>
        <supportsAutoUpdate>No</supportsAutoUpdate>
      </options>
      <weblog>
        <homepageLinkText>View your blog</homepageLinkText>
        <adminLinkText>Administer your blog</adminLinkText>
        <adminUrl><![CDATA[{blog-homepage-url}wp-admin]]></adminUrl>
        <postEditingUrl><![CDATA[{blog-homepage-url}wp-admin/edit.php]]></postEditingUrl>
      </weblog>
    </manifest>