[wp-trac] Re: [WordPress Trac] #5313: iframe being injected

WordPress Trac wp-trac at lists.automattic.com
Sat Feb 2 15:46:28 GMT 2008


#5313: iframe being injected
-----------------------------+----------------------------------------------
 Reporter:  Columcille       |        Owner:  josephscott
     Type:  defect           |       Status:  new        
 Priority:  highest omg bbq  |    Milestone:  2.5        
Component:  Security         |      Version:  2.3.1      
 Severity:  critical         |   Resolution:             
 Keywords:                   |  
-----------------------------+----------------------------------------------
Changes (by lloydbudd):

  * owner:  pishmishy => josephscott
  * status:  reopened => new

Old description:

> I don't know what's causing this but the problem is being reported by a
> few people at http://wordpress.org/support/topic/134928. In short, an
> iframe is turning up in certain posts, clearly being put there via some
> exploit. Problem has been reported across a few versions of WordPress,
> including 2.3.1. Note that the iframe wasn't contained in a theme or any
> source files, it was in the post itself stored in the database.

New description:

 Feb 2, 2008 http://wordpress.org/support/topic/134928 now describes a
 security issue in xml-rpc:

 A person has to already have an account on your blog, or be able to
 create an account (subscription).

 WORKAROUND: if enabled, disable subscription to your blog, or remove
 xmlrpc.php.

 There is no user check if the "post_type" is set to page.

 http://wordpress.org/support/topic/134928/page/2#post-686510
 http://www.theseekerblog.com/?p=284
 http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/

Comment:

 Replying to [comment:8 thee17]:
 > Because the method of exploiting this was posted, this needs fixed and
 > possibly fast.

 Although it is the same support topic, it probably would have been better
 to open a new ticket, because it is difficult to confirm that the original
 issue is caused by this issue.

 Also, it is beneficial at this point to explicitly include the details,
 or at least the links.
 http://wordpress.org/support/topic/134928/page/2#post-686510
 http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/
 http://www.theseekerblog.com/?p=284

 Updating description.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5313#comment:10>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
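The ticket's one-line diagnosis ("no user check if post_type is set to page") describes a missing authorization step rather than a parsing bug. The snippet below is an added illustration, not code from WordPress or from this ticket: it models a content-edit handler that only validates the default "post" branch beside a hardened version that maps every accepted post_type to the capability it requires and denies unknown types. The class name User, the function names, and the capability strings edit_posts / edit_pages are assumptions for illustration; the sample accounts and request are constructed.

```php
<?php
// Added example (not WordPress's own code). Models the authorization gap
// described in the ticket and the corresponding fix. Class, function and
// capability names are illustrative assumptions.

final class User {
    /** @var string[] capabilities this account holds */
    private array $caps;

    public function __construct(array $caps) { $this->caps = $caps; }

    public function can(string $cap): bool {
        return in_array($cap, $this->caps, true);
    }
}

// Vulnerable pattern: the capability check is tied to the "post" branch only,
// so a request that sets post_type to "page" reaches persistence with no
// check at all. Any authenticated account, subscriber included, passes.
function edit_content_vulnerable(User $user, array $request): bool {
    $type = $request['post_type'] ?? 'post';
    if ($type === 'post' && !$user->can('edit_posts')) {
        return false;
    }
    // "page" (or anything else) falls through here unchecked
    return true;
}

// Hardened pattern: every accepted content type is mapped to the capability
// it requires, unknown types are denied rather than defaulted, and the check
// runs before anything is persisted.
function edit_content_hardened(User $user, array $request): bool {
    $required = [
        'post' => 'edit_posts',
        'page' => 'edit_pages',
    ];
    $type = $request['post_type'] ?? 'post';
    if (!isset($required[$type])) {
        return false;   // unrecognised post_type: deny, do not guess
    }
    return $user->can($required[$type]);
}

// Constructed sample accounts and request (not real data).
$subscriber = new User(['read']);
$editor     = new User(['read', 'edit_posts', 'edit_pages']);
$page_edit  = ['post_type' => 'page', 'post_content' => 'constructed body'];

var_dump(edit_content_vulnerable($subscriber, $page_edit));
var_dump(edit_content_hardened($subscriber, $page_edit));
var_dump(edit_content_hardened($editor, $page_edit));
```

Run with `php example.php`: the subscriber's page edit is accepted by the vulnerable function and refused by the hardened one, while the editor, who holds edit_pages, is accepted by the hardened one. The design point is that the capability lookup is keyed on the type the request actually names, so adding a new content type without adding a capability mapping fails closed instead of falling through.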