PHP XML-RPC Vulnerability

Jul 5

PHP XML-RPC Vulnerability

PHP Blogging Apps Vulnerable to XML-RPC Exploits: This is very, very bad.

Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.

[…] By creating an XML file that uses single quotes to escape into the eval() call an attacker can easily execute php code on the target server.

Ouch.

by Deane July 5, 2005 10:04 PM

tags:

PHP

Comments

by Glenn, July 6, 2005 12:27 AM

Actually, Wordpress is fine (see Matt)

Add Comment

Want to advertise on this site? Contact FM.

Making Energy is Dangerous by UgDXw, 3 hours, 9 minutes ago
Adding User-Defined Fields in Movable Type by ??????, 3 hours, 25 minutes ago
The 12-Year-Old Spy by Tech, 5 hours, 26 minutes ago
MaxMind's Geo-Location Service by Steve, 8 hours, 1 minute ago
Making Energy is Dangerous by zRUgS, 9 hours, 33 minutes ago
Making Energy is Dangerous by zRUgS, 9 hours, 33 minutes ago
No More MSN Chat Rooms by grafifun, 13 hours, 13 minutes ago
Making Energy is Dangerous by cNjPA, 16 hours, 34 minutes ago
Martha Hacks Ankle Monitor by noah, 17 hours, 33 minutes ago
Martha Hacks Ankle Monitor by noah, 17 hours, 34 minutes ago
Show 5 more »

The Three Types of Intranets by Deane in 2006
The Dude by Deane in 2006
Ajax Mistakes by Deane in 2005
SpamStopsHere by Deane in 2005
When Tech Geek and Bike Geek Collide... by drmthtr in 2005
Italian Security Crackdown by Noel in 2005
Office 12 and the New UI by Deane in 2005
Oracle and Zend: PHP Buddies? by Deane in 2005
We're Joining FM Publishing by Deane in 2005
Flash Mobs Make Primetime by Deane in 2004
Mmmm. Tastes Like Chicken by Rob in 2004
AcroWiki by Deane in 2004
Best Buy Sells House Brand by Deane in 2004
Aquarius by Deane in 2004
A One And A Two... by Dave in 2004
"We dropped it..." by Deane in 2004
World Cyber Games by Deane in 2004
"Don't Make Me Think" by Deane in 2002
Show 13 more »

Web Hosting Web hosting, dedicated servers and Web design services

Laser Toner Cartridges UK laser toner, toner cartridges, hp toner, lexmark toner, samsung toner, canon, toner, epson toner, oki toner, kyocera toner, xerox toner, remanufactured toner, compatible toner

Direct TV Deals Free 4 room direct tv deals. no equipment to buy. free fast professional direct tv installation. this is the best direct tv deal available anywhere.

SEO Article Learn from the experts with our SEO article.

rope light Shopping with birddog distributing, inc., gives you access to the lowest prices, the best customer service and the quickest delivery times possible.

Laptop AC Adapter We offer genuine factory direct replacement AC adapters.

Direct TV Best satellite TV deals.

Direct TV Deals Direct TV programming deals are varied and include packages containing from 50 channels up to over 250 channels.

8mm film to DVD Retain family memories with the only frame by frame digital restoration service in the United States for your 8mm film to DVD today

Rubber Stamp Shop for custom self-inking stamps, hand stamps, address stamps, label stamps, check endorsement stamps, check deposit stamps, date stamps, pre inks, pocket stamps, ink and much more!

Gadgetopia