Wordpress-3-3-1 Vulnerability Description Document

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

The most popular WordPress recently released 3.3.1 A leak, now released the details of the vulnerability ... Quicl ' Sblog has been looking at the vulnerabilities of WordPress, and through the network to collect the first time for the vast number of WordPress users to provide WordPress vulnerability. You can visit my "computer network"-"unlimited related" content to find about network security, WordPress blog vulnerabilities, wordpress plugin loopholes and other information oh.

Vulnerability Bulletin here: www.securityfocus.com/archive/1/521359/30/60/threaded

Trustwave released, Beijing know Chuang Yu's official website also posted a: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt

The following is Beijing to plug the loopholes of the information: look at the final official reply, that can be ignored. Trust wave to avoid light weight, also earned three CVE, these loopholes are the scene: WP did not install the case can be. Take a look.

First: PHP Code Execution and persistent Cross Site scripting vulnerabilities via ' setup-config.php ' page

Trust Wave said WP installation script files have security risks, installation can use the attacker's own database, after installation landing WP background, subject Editor can write arbitrary PHP code, and then remote command execution is so. XSS is an attacker who modifies a malicious XSS script by modifying values in its own database, such as comments, articles, and so on, and then the user accesses WP to recruit. This is a good understanding, just enough to meet the attack scene too little ... So the first CVE is too much to be fooled.

Second: ListBox Cross Site scripting vulnerabilities in ' setup-config.php ' page

I wrote the POC, the principle is that Beijing knows that Chong Yu Daniel's previous "based on CSRF XSS attack", the latest is also valid (the official should not release the patch), but this scene and the first one as little poor ... But trust wave and WP official focus is not placed here.

Third: MySQL Server username/password Disclosure vulnerability via ' setup-config.php ' page

Brute force, the premise is not "need WP did not install", I do not know, no test. Interested students study for themselves.

This time the WP loophole is not wonderful, now popular or WP those plug-in loopholes, more vigorous! By the way, the KNOWNSEC team will release a WP XSS 0day in the recent past, affecting all versions, but after the official repairs. Please pay attention to our official blog: blog.knownsec.com, the new version is coming online!

The above is Beijing know Chuang Yu Company to provide the loophole, the company's website Hanging horse detection is good oh. According to the information, Beijing knows that Chuang Yu is the only security partner of Microsoft Mainland. Quicl personally feel very cow X said. WordPress More vulnerabilities article visit "WordPress Burst SQL Injection Vulnerability" and "Catches-wordpress blog attack"