![[ t ]](/images/structural/icon_twitter.gif){kind=icon}
PHP XML-RPC Vulnerability
PHP Blogging Apps Vulnerable to XML-RPC Exploits: This is very, very bad.
Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.
[…] By creating an XML file that uses single quotes to escape into the eval() call an attacker can easily execute php code on the target server.
Ouch.
What Links Here
Spiders are Stupid
I've been monitoring the 404s on this site. I changed our URL pattern a while back, so I have a page that catches all the 404 and resolves the old pattern against the new one, then redirects. Anything that doesn't resolve gets logged and I have an RSS…
Comments are Closed
Thanks to all who participated.
- Why Ad Blocking Kinda Sucks by Dave, 1 hour, 27 minutes ago
- Nation Shudders At Large Block Of Uninterrupted Text by Anonymous, 2 hours, 58 minutes ago
- Nation Shudders At Large Block Of Uninterrupted Text by Anonymous, 2 hours, 59 minutes ago
- Joel Spolsky on Twitter by Mark, 6 hours, 32 minutes ago
- Joel Spolsky on Twitter by Doug D, 4 days, 13 hours ago
- Show 5 more »
- No Money for Email at the FBI by Deane in 2006
- The Flickering Ghosts of Pac-man by Deane in 2006
- The Atari Landfill Rumor by Deane in 2005
- Jeff Bezos and his Spaceport by Deane in 2005
- Unintentionally Spamming Search Terms by Deane in 2003
- Show 0 more »