Posted by Trancer on Mar 27 2007

The last few months have been rough for WordPress programmers, from a security point of view.
WordPress is the most common blog/content management system on the internet today, and because of that it has become one of the favorite targets for attackers/security researchers.
A quick search will show you how bad the situation is: here, here and here.
Some of the vulnerabilities are really simple, but the most interesting ones are the complex vulnerabilities, for example the Trackback UTF-7 SQL Injection found by Stefan Esser and the wp-trackback.php Remote SQL Injection found by rgod.
If you’re a PHP programmer, I suggest you download old versions of WordPress and look at the vulnerable code and exploits. I promise you’ll learn a thing or two.
Another spicy piece of news is the backdoored WordPress systems (v2.1.1) story, which occurred earlier this month. That one really made me laugh :D

So what about WordPress v2.1.2 (latest), secure, right? I don’t think so…
Full path disclosure vulnerabilities (by Dedi Dwianto)
Redirection vulnerability in wp-login.php (by Metaeye Security Group)

UPDATE:
xmlrpc.php Remote SQL Injection Vulnerability (exploit) by NotSoSecure
PHP_Self Cross-Site Scripting Vulnerability (exploit) by Alexander Concha and Jungsonn.

Solution: Upgrade to WordPress 2.1.3.

Categories: Web Application Security


Posted by Trancer on Mar 27 2007

Oh yeah, H D Moore’s Metasploit Framework v3.0 has been released.

The Metasploit Framework (“Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing.

Metasploit Framework
Release announcement on MSF blog

Happy exploiting ;-)

Categories: Metasploit, Tools


Posted by Trancer on Mar 22 2007

Welcome to Recognize-Security.

I’d like to clear up a few things before we start:

There is NO Rec-Sec eZine! Stop calling us/sending emails!

From now on this site will be a blog, not a community site. Why, you ask? ‘Cuz you (yes, you, the community) suck! …OK, most of you.

That’s the same reason we’re not releasing (and won’t release) an eZine.

So what is this blog all about? This will be a place where Rec-Sec members and I will post interesting stuff: links to articles, our own articles, Israeli site hacks and defacements (NOT BY US), security news, etc.

Think you’ve got something interesting to say? Email us and we’ll post it here under your name.

Trancer

Categories: Rec-Sec

