November 29, 2007
Yes, Folks MT Here
I'm still here using Movable Type, Version 3.01D to be exact. That may be changing very soon. I set up a blog on wordpress.com, but it's entirely too limiting. It's either going to be a local WordPress installation or else I'm going with Drupal.
Posted by 0xFF3300 at 07:12 PM | Comments (0)
June 01, 2005
Wordpress 1.5 SQL-Injection Attack
The most critical vulnerability in the 1.5 release of wordpress is an
SQL-Injection in `wp-trackback.php'. It's not easily exploitable
because you do not get a result when you inject a valid query but it's
possible to bruteforce values in the tables - for example the password
hashes.
Here are some details:
The parameter `tb_id' in `wp-trackback.php' is not validated correctly
and there are no quotes in the SQL-query so an attacker is able to
insert sql commands.
$pingstatus = $wpdb->get_var("SELECT ping_status FROM $wpdb->posts
WHERE ID = $tb_id");
Example: (I converted the POST-request into a GET-request.)
> $tb_id = 1 union select user_pass,0 from wp_users
> $url = bla
> $title = bla
wp_users&url=bla&title=bla>
By injecting this query I get the following database error:
> WordPress database error:
> [The used SELECT statements have a different number of columns]
> SELECT ping_status FROM wp_posts WHERE ID = 1 union select 0,
> user_pass from wp_users
When I insert "1 union select user_pass from wp_users" as value for
`tb_id' I get no error message because the query was well-formed -
logical. Through the possibility to insert any sql-command it's
possible to 'reconstruct' values of the tables.
o XSS:
=====
o Disclosure Timeline:
=====================
17 Apr 05 - Security flaws discovered.
19 Apr 05 - Vendor contacted.
10 May 05 - Vendor released bugfixed version.
17 May 05 - Public release.
o Solution:
==========
Upgrade to wordpress 1.5.1 [1]
o Credits:
=========
Thomas Waldegger
BuHa-Security Community - http://buha.info/board/
Posted by 0xFF3300 at 07:21 AM | Comments (0) | TrackBack
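The query pattern from the advisory above, next to a hardened form, as an added example that is not part of the original post, the advisory, or WordPress itself. It assumes Python's sqlite3 as a stand-in for the PHP/MySQL code; the table contents and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for wp_posts / wp_users.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, ping_status TEXT);
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_pass TEXT);
        INSERT INTO wp_posts VALUES (1, 'open');
        INSERT INTO wp_users VALUES (1, 'CONSTRUCTED-HASH');
    """)
    return db


def ping_status_vulnerable(db, tb_id):
    # Same shape as the query quoted in the advisory: tb_id is pasted
    # into the SQL text unvalidated and unquoted, so it can carry SQL.
    sql = "SELECT ping_status FROM wp_posts WHERE ID = %s" % tb_id
    return [row[0] for row in db.execute(sql)]


def ping_status_hardened(db, tb_id):
    # 1. Validate: a trackback ID is a plain ASCII decimal integer.
    if not (isinstance(tb_id, str) and tb_id.isascii() and tb_id.isdigit()):
        raise ValueError("tb_id must be a decimal integer")
    # 2. Bind: the value travels separately from the SQL text, so it
    #    can never be parsed as part of the statement.
    row = db.execute(
        "SELECT ping_status FROM wp_posts WHERE ID = ?", (int(tb_id),)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "1 union select user_pass from wp_users"  # value from the advisory
    print("vulnerable:", ping_status_vulnerable(db, payload))
    try:
        ping_status_hardened(db, payload)
    except ValueError as exc:
        print("hardened rejected input:", exc)
    print("hardened, valid id:", ping_status_hardened(db, "1"))
```

With the two-column value from the advisory, the vulnerable function raises a column-count error just as the quoted MySQL output does, which is the well-formed/not-well-formed signal the advisory describes.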
May 29, 2005
Trackbacks: Bye-Bye
This is dedicated to all the spammers out there. Trackbacks have been disabled. I'm not sure trackbacks are really used that much anyway anymore. They seem a bit outdated. If someone wants to continue an article or comments on another blog, go right ahead! Cheers mate...
Posted by 0xFF3300 at 07:53 PM | Comments (0)
February 16, 2004
Auto Logon to Windows XP
You can configure Windows XP to automate the logon process if your computer is not part of a domain.
1. Click Start, click Run, and type control userpasswords2.
2. Clear the Users must enter a username and password to use this computer check box.
3. Click Apply.
4. Enter the user name and password you wish to automatically log on with, and then click OK.
5. Click OK again and you're all done.
This feature allows other users to start your computer and use the account that you establish to automatically log on. Enabling auto logon makes your computer more convenient to use, but can pose a security risk.
Posted by 0xFF3300 at 12:38 PM | Comments (0) | TrackBack