PHP XML-RPC Vulnerability

Home

PHP Blogging Apps Vulnerable to XML-RPC Exploits: This is very, very bad.

Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.

[…] By creating an XML file that uses single quotes to escape into the eval() call an attacker can easily execute php code on the target server.

Ouch.

Deane | July 5, 2005
See Also: PHP

Skip to Comments

Related Posts

  • PHP Apps That Changed the World
    Open-source PHP applications that changed the world: A nice roll-up of the most influential PHP apps of the last 10…
    – May 23, 2008
  • The End of the “PHP sucks” Argument
    PHP Sucks, But It Doesn’t Matter: Jeff Atwood essentially closes the “PHP sucks” argument by agreeing with it, then explaining…
    – May 21, 2008
  • Could Zend be for sale?
    Scoop: Job Cuts at PHP Startup Zend Could Be Aimed With An Eye Towards a Sale: Very interesting. [Zend’s]…
    – May 20, 2008

What Links Here

The following posts link to this post.
  • Spiders are Stupid
    I've been monitoring the 404s on this site. I changed our URL pattern a while back, so I have…
    – November 4, 2005

Comments

Actually, Wordpress is fine (see Matt)

Glenn | July 6, 2005 12:27 AM

Add a Comment

Name:
URL:

Comment:
Markdown is enabled in comments. If you have to use HTML, we allow A HREF, B, BR, P, STRONG, EM, UL, LI, and BLOCKQUOTE.
 
Comments on this site are subject to our Terms of Service