PHP XML-RPC Vulnerability

By Deane Barker on July 5, 2005

PHP Blogging Apps Vulnerable to XML-RPC Exploits: This is very, very bad.

Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.

[…] By creating an XML file that uses single quotes to escape into the eval() call, an attacker can easily execute PHP code on the target server.

Ouch.
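
The flaw class described in the quote, as an added example that is not from the original post or from any of the affected projects: a hypothetical decoder that pastes an XML-RPC string value into eval(), next to one that treats the value purely as data. The function names and the sample XML are constructed for illustration, and PHP's SimpleXML extension is assumed to be available.

```php
<?php
// Constructed sample: an XML-RPC-style string value containing single quotes.
// The text after the first quote only sets a harmless marker variable.
$xml = <<<'XML'
<value><string>x'; $GLOBALS['marker'] = true; $y = 'z</string></value>
XML;

// Hypothetical decoder showing the unsafe pattern (not any project's code):
// it generates PHP source around untrusted text and passes it to eval().
function decode_unsafe(string $xml): string
{
    $text = (string) simplexml_load_string($xml)->string;
    $decoded = '';
    eval("\$decoded = '" . $text . "';"); // a quote in $text closes the literal
    return $decoded;
}

// Hardened form: the value is read as data and no code is ever generated.
function decode_safe(string $xml): string
{
    $node = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    if ($node === false || !isset($node->string)) {
        throw new InvalidArgumentException('expected a <string> value');
    }
    return (string) $node->string;
}

$GLOBALS['marker'] = false;

$safe = decode_safe($xml);
echo "safe decoder kept the whole value as text: ";
var_dump(strpos($safe, 'marker') !== false);
echo "marker set after safe decoder: ";
var_dump($GLOBALS['marker']);

$unsafe = decode_unsafe($xml);
echo "unsafe decoder returned: ";
var_dump($unsafe);
echo "marker set after unsafe decoder: ";
var_dump($GLOBALS['marker']);
```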
