FAQ :: Mitgliederliste :: MGi Team

Willkommen auf dem Portal für Mediengestalter

Aktuelles Datum und Uhrzeit: Sa 22.10.2016 18:13 Benutzername: Passwort: Auto-Login

Thema: Sicherheitsloch in Wordpress vom 06.10.2004

Neues Thema eröffnen   Neue Antwort erstellen MGi Foren-Übersicht -> Hard- und Software -> Sicherheitsloch in Wordpress
Autor Nachricht

Dabei seit: 19.05.2002
Ort: München
Alter: 36
Geschlecht: Männlich
Verfasst Mi 06.10.2004 09:22

Sicherheitsloch in Wordpress

Antworten mit Zitat Zum Seitenanfang

Da ich gesehen hab dass wordpress (was ich auch nutze) hier schon ein paar mal angepriesen wurde:


Security Holes in WordPress Blogging Tool Security
Security vulnerabilities have been found in WordPress, the popular PHP-based open source blogging application. Some scripts in WordPress are not properly validated, leaving the program open to cross-site scripting (XSS) attacks in which third parties could insert content into a WordPress-driven site.

Wordpress has grown in popularity in recent months, emerging as a leading free alternative to Movable Type, which alienated many users with new licensing terms. The vulnerability could allow hackers to create a URL that generates pages in WordPress from content created by the hacker, rather than the site owner. An unsuspecting user following such a link would be sent to the trusted WordPress-based site, but encounter fake content that could include a range of exploits, such as links that infect their computers with spyware or trojans.

"Nearly every file in the administration panel of Wordpress is vulnerable for XSS attacks," writes Thomas Waldegger, who discovered the flaws and posted them to a security mailing list. Waldegger said he had reported the flaw but received no response from the WordPress development team, which acknowledged the vulnerability and said a fix is forthcoming.

"We are disappointed that we were not given the opportunity to release fixes for the problems before the information was made public, as is the usual courtesy in the security community," said a post on the WordPress forum. "However, that's water under the bridge at this point. Expect a WordPress 1.2.1 release soon, which will address these issues."

Cross-site scripting is a well known technique which involves injecting the text of code to be executed by the browser into urls that generate dynamic pages. These attacks have been a historic problem for PHP-based content management systems (CMS) such as the popular PHPNuke and PostNuke. These apps are commonly targeted by hackers, as they offer numerous scripts that generate pages based on info appended to URLs, usually from links within the site. To be properly secured, these scripts should validate URLs to check for rogue code.

WordPress, which is released under the GNU General Public License (GPL), gained users after Six Apart tightened the licensing terms on Movable Type, prompting platform shifts from alienated MT power users.
  View user's profile Private Nachricht senden Website dieses Benutzers besuchen
Ähnliche Themen Wordpress für ipod startet nicht
Neues Thema eröffnen   Neue Antwort erstellen
MGi Foren-Übersicht -> Hard- und Software

Du kannst keine Beiträge in dieses Forum schreiben.
Du kannst auf Beiträge in diesem Forum nicht antworten.
Du kannst an Umfragen in diesem Forum nicht mitmachen.