Wordpress 2.2.1 XSS - mybeNi

 
Evaders99



Posted: Thu Aug 02, 2007 10:41 pm    Post subject: Wordpress 2.2.1 XSS - mybeNi

These were originally disclosed by mybeNi
http://mybeni.rootzilla.de/mybeNi/
Along with the changes at
http://bueltge.de/der-erste-xss-wurm-fuer-wordpress/489/

Since these are in a different language, I figured I would put these in English and make it easier to figure out what changed.

This is just an English version of the changes. Feel free to get the package of file changes or the manual changes.

(Note: this may not match Wordpress's official changes. Their bug tracker seems to reference different folders or files)


DOWNLOAD FILES

-----------------------

MANUAL CHANGES

Partial strings were used to make this post correctly, along with simplifying the code change. Original formatting was taken from the source files. Also the order of the changes was changed so the files are easier to find alphabetically.


NOTE: they are ALMOST the same changes from the German site! One line seems to be missing within the edit-comments.php to FIND, making it rather awkward. The change should be referenced correctly here.


wp-admin/edit-comments.php

Code:

FIND

if ( isset( $_GET['apage'] ) )
   $page = (int) $_GET['apage'];

AFTER, ADD

   if($page < 1)
      $page = 1;





wp-admin/link-import.php

Code:

FIND

      $cat_id = $_POST['cat_id'];
      if ( $cat_id == '' || $cat_id == 0 )

REPLACE WITH

      $cat_id = (int) $_POST['cat_id'];
      if ( $cat_id < 1 )




wp-admin/upload-functions.php

Code:

FIND

upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id;

CHANGE TO

upload.php?style=". attribute_escape($style). "&amp;tab=upload&amp;post_id=". attribute_escape($post_id);



wp-includes/functions.php

Code:

FIND

function get_option($setting) {
   global $wpdb;

AFTER, ADD

   $setting = $wpdb->escape($setting);

FIND

function delete_option($name) {
   global $wpdb;

AFTER, ADD

   $name = $wpdb->escape($name);


_________________
Evaders99
SW:Rebellion Fans! Webmaster
Star Wars roleplaying community! Administrator

Fighting is terrible, but not as terrible as losing the will to fight.
- SW:Rebellion Network - Evaders Squadron Coding -

The cake is a lie.
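
Added example, not part of the original post or of WordPress's code: a stand-alone PHP script that runs constructed request values through the integer cast with the `< 1` check and through attribute escaping, as used in the changes above. `attr_escape_standin()` (built on `htmlspecialchars()` in place of WordPress's `attribute_escape()`), `positive_int()`, `breaks_out_of_attribute()` and the sample inputs are assumptions made for the illustration.

```php
<?php
// Stand-in for WordPress's attribute_escape() so the script runs without WordPress (assumption).
function attr_escape_standin(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Before the change: request values are interpolated straight into the attribute.
function upload_action_before(string $style, string $post_id): string {
    return "upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id";
}

// After the change: each request value is escaped for an HTML attribute.
function upload_action_after(string $style, string $post_id): string {
    return "upload.php?style=" . attr_escape_standin($style)
        . "&amp;tab=upload&amp;post_id=" . attr_escape_standin($post_id);
}

// The (int) cast plus "< 1" check from edit-comments.php and link-import.php,
// folded into one hypothetical helper that falls back to 1.
function positive_int($raw): int {
    $n = (int) $raw;
    return $n < 1 ? 1 : $n;
}

// True when the value contains a character that ends a double-quoted attribute
// or opens a tag, so the browser would stop reading it as plain attribute text.
function breaks_out_of_attribute(string $attr_value): bool {
    return strpbrk($attr_value, "\"<>") !== false;
}

// Constructed sample inputs (not taken from the original disclosure).
$style   = 'inline" data-probe="1';
$post_id = '7"><b>probe</b>';

foreach (['before' => 'upload_action_before', 'after' => 'upload_action_after'] as $label => $fn) {
    $action = $fn($style, $post_id);
    printf("%-6s breaks out: %-3s  action=\"%s\"\n",
        $label, breaks_out_of_attribute($action) ? 'yes' : 'no', $action);
}

// Constructed values for apage / cat_id: numeric, negative, empty, text, numeric prefix, zero.
foreach (['3', '-5', '', 'abc', '12 trailing text', '0'] as $raw) {
    printf("raw=%-20s -> %d\n", var_export($raw, true), positive_int($raw));
}
```

The cast alone accepts negative numbers and turns non-numeric text into 0, which is why each of those changes pairs it with the `< 1` comparison.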