[wp-hackers] Security

Thomas Scholz info at toscho.de
Sun Sep 6 15:48:24 UTC 2009


> It seems obvious why you wouldn't get critical details for an unfixed
> vulnerabillity like this.

This bug was fixed in v2.8.3, and the new code of this version gives all  
the details anyone wants to know. Nothing to hide anymore.

> If there was a security patch available, you would get that, instead of
> "Upgrade now".

The main problem was: Registered users without any privileges could just  
add double slashes (//) into an URL to get some admin privileges (install  
plugins, mess up the database etc.).

So you have to forbid double slashes in all URLs. The .htaccess way would  

RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /(([^/\ ]+/)*)/+([^\ ]*)
RewriteRule ^ /%1%3 [L,R=301]

But if you have neither Apache nor mod_rewrite, you may use a little  
plugin I wrote:

I described the problem en detail (and in German) here:

Be aware! This fixes really just the double slashes. I can’t and won’t  
guarantee that you’re secure with it. Make the upgrades nevertheless.


Redaktion, Druck- und Webdesign
http://toscho.de · 0160/1764727
Twitter: @toscho

More information about the wp-hackers mailing list