Wordpress 2.3.2 XMLRPC Exploit Unofficial Patch

    • Feb
    • 02

    Wordpress 2.3.2 XMLRPC Exploit Unofficial Patch

    Posted by Noah Ark 5 months, 2 weeks ago.

    Filed under Security¸ WordPress & vulnerability.

    this is relevant to my interest lolcatThis issue has been raised 4 months ago (october 2007). Certainly this is one of BadPress Ticketing Problems. Until WordPress Developer release Official securities fix (v 2.3.2.1 || 2.3.5 ?? ) You might want to try this “debatable” patch by SecuriTeam - Paul (Yabba) Jones.

    Note: Matt Mullenweg & the WP-Hackers is against secureTeam “hasty-patch” and their POC release. [wp-hackers] xmlrpc issue or no?.

    Excerpt from Wordpress Support Forum » iframe injection problem?

    Matt Mullenweg → [...] I would rather not have people think they’re safe and really not be, and there is a release coming shortly anyway. [...]
    If anyone is scared and wants a fix NOW, they should either turn off registration (which is off by default) or delete xmlrpc.php. ~ Feb 3, 2008

    WordPress 2.3.3 has been release it’s advice not to try this patches

    Patch xmlrpc.php via WordPress Admin

    1. Login to Wordpress Admin
    2. manage-files-xmlrpc.png Goto Manage » Files then scroll down to “Other Files” sections, type in xmlrpc.php. otherwise type the following URL in your browser address-bar ↓ 
      mydomain.com/wp-admin/templates.php?file=xmlrpc.php&submit=Edit+file+%C2%BB
    3. Find the following code (around Line 1151 - 1203 ) within wp_xmlrpc_server::mw_editPost() class methods ↓ 
      if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
    4. Replace with 
      //if ( ( 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )
 if ( ( 1 || 'post' == $post_type ) && !current_user_can('edit_post', $post_ID) )

      saved.

    5. Disabled New User Registrations for temporary.

    External Links

    About the Author

     

    Tags:
    • February 2, 2008 at 9:32 pm
    • February 5, 2008 at 4:36 pm
    • 0.3
    • url

    • No Responses to Wordpress 2.3.2 XMLRPC Exploit Unofficial Patch

      Trackback URL: Use the TrackBack url ↑ to ping this article. If your blog does not support Trackbacks you might want to leave a comment instead.
        • RE: Wordpress 2.3.2 XMLRPC Exploit Unofficial Patch - 'The Guide' ↓
          Wordpress 2.3.2 XMLRPC Exploit Unofficial Patch Kakkoi 5 months, 2 weeks ago 5 url
          Marvin, Point of View Gun

          The following "Code" are designed to protect you and other users of this site.

          • Be relevant: Your comment should be a thoughtful contribution to the subject of the entry. Keep your comments constructive and polite.
          • No advertising or spamming: Do not use the comment feature to promote commercial entities/products, affiliates services or websites. You are allowed to post a link as long as it's relevant to the entry.
          • Keep within the law: Do not link to offensive or illegal content websites. Do not make any defamatory or disparaging comments which might damage the reputation of a person or organisation.
          • Privacy: Do not post any personal information relating to yourself or anyone else - (ie: address, place of employment, telephone or mobile number or email address).

          In order to keep these experiences enjoyable and interesting for all of our users, we ask that you follow the above guidlines.

          be the first to comment.

          KakkoiFeel free to engage, ask questions, and tell us what you are thinking! Regular and insightful comments are most welcomed.

           

    "write as if you were talking to a good friend (in front of your mother)."

    .haveyoursay

    Disclaimer: For any content that you post, you hereby grant to Kakkoi the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved.

MySQL query error