[wp-hackers] Security
Thomas Scholz
info at toscho.de
Sun Sep 6 15:48:24 UTC 2009
scribu:
> It seems obvious why you wouldn't get critical details for an unfixed
> vulnerabillity like this.
This bug was fixed in v2.8.3, and the new code of this version gives all
the details anyone wants to know. Nothing to hide anymore.
> If there was a security patch available, you would get that, instead of
> "Upgrade now".
The main problem was: Registered users without any privileges could just
add double slashes (//) into an URL to get some admin privileges (install
plugins, mess up the database etc.).
So you have to forbid double slashes in all URLs. The .htaccess way would
be:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /(([^/\ ]+/)*)/+([^\ ]*)
RewriteRule ^ /%1%3 [L,R=301]
But if you have neither Apache nor mod_rewrite, you may use a little
plugin I wrote:
http://f.toscho.de/SingleSlash.zip
I described the problem en detail (and in German) here:
http://toscho.de/2009/wordpress-2-8-3-das-doppelslash-problem/
Be aware! This fixes really just the double slashes. I can’t and won’t
guarantee that you’re secure with it. Make the upgrades nevertheless.
Thomas
--
Redaktion, Druck- und Webdesign
http://toscho.de · 0160/1764727
Twitter: @toscho
More information about the wp-hackers
mailing list