
There is a security bug in WP 3.1.3; upgrading to the latest version is mandatory

Discussion in 'Wordpress' started by adisini, Jul 3, 2011.

  1. adisini

    adisini Super Hero

    Joined:
    Dec 26, 2006
    Messages:
    963
    Likes Received:
    123
    Friends, the source is _www.exploit-db.com/exploits/17465/
    Code:
    SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
    =======================================================================
                  title: Multiple SQL Injection Vulnerabilities
                product: WordPress
     vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
          fixed version: 3.1.4/3.2-RC3
                 impact: Medium
               homepage: http://wordpress.org/
                  found: 2011-06-21
                     by: K. Gudinavicius                            
                         SEC Consult Vulnerability Lab
                         https://www.sec-consult.com
    =======================================================================
     
    Vendor description:
    -------------------
    "WordPress was born out of a desire for an elegant, well-architectured
    personal publishing system built on PHP and MySQL and licensed under
    the GPLv2 (or later). It is the official successor of b2/cafelog.
    WordPress is fresh software, but its roots and development go back to
    2001."
     
    Source: http://wordpress.org/about/
     
     
     
    Vulnerability overview/description:
    -----------------------------------
    Due to insufficient input validation in certain functions of WordPress
    it is possible for a user with the "Editor" role to inject arbitrary
    SQL commands. By exploiting this vulnerability, an attacker gains
    access to all records stored in the database with the privileges of the
    WordPress database user.
     
     
     
    Proof of concept:
    -----------------
    1) The get_terms() filter declared in the wp-includes/taxonomy.php file
    does not properly validate user input, allowing an attacker with
    "Editor" privileges to inject arbitrary SQL commands in the "orderby"
    and "order" parameters passed as array members to the vulnerable filter
    when sorting for example link categories.
     
    The following URLs could be used to perform blind SQL injection
    attacks:
     
    http://localhost/wp-admin/edit-tags.php?taxonomy=link_category&orderby=[SQL injection]&order=[SQL injection]
    http://localhost/wp-admin/edit-tags.php?taxonomy=post_tag&orderby=[SQL injection]&order=[SQL injection]
    http://localhost/wp-admin/edit-tags.php?taxonomy=category&orderby=[SQL injection]&order=[SQL injection]
     
     
    2) The get_bookmarks() function declared in the
    wp-includes/bookmark.php file does not properly validate user input,
    allowing an attacker with "Editor" privileges to inject arbitrary SQL
    commands in the "orderby" and "order" parameters passed as array
    members to the vulnerable function when sorting links.
     
    The following URL could be used to perform blind SQL injection attacks:
     
    http://localhost/wp-admin/link-manager.php?orderby=[SQL injection]&order=[SQL injection]
     
     
    Vulnerable / tested versions:
    -----------------------------
    The vulnerability has been verified to exist in version 3.1.3 of
    WordPress, which is the most recent version at the time of discovery.
     
     
    Vendor contact timeline:
    ------------------------
    2011-06-22: Contacting vendor through security () wordpress org
    2011-06-22: Vendor reply, sending advisory draft
    2011-06-23: Vendor confirms security issue
    2011-06-30: Vendor releases patched version
    2011-07-01: SEC Consult publishes advisory
     
     
     
    Solution:
    ---------
    Upgrade to version 3.1.4 or 3.2-RC3
     
     
    Workaround:
    -----------
    A more restrictive role, e.g. "Author", could be applied to the user.
     
     
     
    Advisory URL:
    -------------
    https://www.sec-consult.com/en/advisories.html
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    SEC Consult Unternehmensberatung GmbH
     
    Office Vienna
    Mooslackengasse 17
    A-1190 Vienna
    Austria
     
    Tel.: +43 / 1 / 890 30 43 - 0
    Fax.: +43 / 1 / 890 30 43 - 25
    Mail: research at sec-consult dot com
    https://www.sec-consult.com
     
    EOF K. Gudinavicius / @2011
    
    If you don't understand it, no problem :D. The bottom line is that version 3.1.3 has a bug that makes it possible for your blog to be taken over by someone else. So you are required to upgrade to version 3.1.4 or above. Last night I just got word from a friend that his website was defaced. Don't let yourself be the next victim. :).
     
    nodali and TheNext like this.
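The advisory above says the "orderby" and "order" sort parameters reached the query without proper validation. The following is an added example (not code from the advisory, from WordPress, or from anyone in this thread) showing the defensive pattern that closes this class of bug, an allowlist of permitted sort columns and directions, plus a small scanner that reads constructed web-server access-log lines and flags requests to the two admin pages named in the advisory whose sort parameters fall outside that allowlist. The column names in `ALLOWED_ORDERBY`, the common/combined log format assumed by the regex, and the sample log lines are all assumptions constructed for this example.

```python
"""Allowlist validation of sort parameters, and a log scan for requests
that would have failed it. Added example; assumptions are marked inline."""
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist of sort columns; the names are assumptions for the
# example, not a list taken from WordPress.
ALLOWED_ORDERBY = {"name", "slug", "count", "term_group", "id",
                   "link_id", "rating", "updated"}
ALLOWED_ORDER = {"asc", "desc"}


def sanitize_sort(orderby, order, default_orderby="name"):
    """Return (orderby, order) that are guaranteed members of the allowlists.
    Anything else silently falls back to the defaults, so user-controlled
    text can never be concatenated into the ORDER BY clause."""
    ob = orderby.strip().lower() if orderby else default_orderby
    od = order.strip().lower() if order else "asc"
    if ob not in ALLOWED_ORDERBY:
        ob = default_orderby
    if od not in ALLOWED_ORDER:
        od = "asc"
    return ob, od


def build_sort_clause(orderby, order):
    """Hardened counterpart of string-building the sort clause: only
    allowlisted tokens ever appear in the returned SQL fragment."""
    ob, od = sanitize_sort(orderby, order)
    return f"ORDER BY {ob} {od.upper()}"


# The two admin pages the advisory names as entry points.
WATCHED_PATHS = ("/wp-admin/edit-tags.php", "/wp-admin/link-manager.php")

# Assumes common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def find_suspicious_sort_requests(lines):
    """Return one finding per request to a watched path whose orderby/order
    value is not in the allowlist. parse_qs percent-decodes the values, so
    encoded quotes or spaces are compared in their decoded form."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parsable request line; skip
        parts = urlsplit(m.group("target"))
        if parts.path not in WATCHED_PATHS:
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)
        bad = {}
        for key, allowed in (("orderby", ALLOWED_ORDERBY), ("order", ALLOWED_ORDER)):
            for value in qs.get(key, []):
                if value.strip().lower() not in allowed:
                    bad[key] = value
        if bad:
            findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "path": parts.path, "params": bad})
    return findings


# Constructed sample log lines (documentation IP ranges; not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jul/2011:09:12:01 +0700] "GET /wp-admin/edit-tags.php?taxonomy=post_tag&orderby=name&order=asc HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Jul/2011:09:12:44 +0700] "GET /wp-admin/edit-tags.php?taxonomy=link_category&orderby=name%27&order=asc HTTP/1.1" 200 5120',
    '198.51.100.23 - - [03/Jul/2011:09:13:10 +0700] "GET /wp-admin/link-manager.php?orderby=rating&order=desc%20-- HTTP/1.1" 200 4090',
    '198.51.100.23 - - [03/Jul/2011:09:13:30 +0700] "GET /wp-admin/post.php?post=12&action=edit HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    print(build_sort_clause("name'", "desc --"))  # falls back to the defaults
    for f in find_suspicious_sort_requests(SAMPLE_LOG):
        print(f)
```

Only the second and third sample lines are reported: the first uses allowlisted values and the fourth is not one of the watched pages. Because the scanner keys off the allowlist rather than on specific payload strings, it flags any unexpected sort value, which is the same property that makes the allowlist the right fix in the application itself.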
  2. TheNext

    TheNext Super Hero

    Joined:
    Mar 1, 2011
    Messages:
    2,899
    Likes Received:
    211
    Location:
    Ruang Pikiran
    Luckily I always upgrade to the newer version whenever there is a notification.

    But the gap between one version and the next was indeed very short recently; turns out there was a bug :D
     
  3. zapra

    zapra Ads.id Fan

    Joined:
    Feb 12, 2010
    Messages:
    242
    Likes Received:
    3
    Location:
    beside you...
    Gotta upgrade quickly... :ninja:
     
  4. yumichan

    yumichan May All Beings Be Happy

    Joined:
    May 19, 2011
    Messages:
    7,016
    Likes Received:
    847
    Wow, thanks for the info. I'll upgrade all of them right away :D
     
  5. anisku11

    anisku11 Super Hero

    Joined:
    Jun 28, 2011
    Messages:
    1,627
    Likes Received:
    179
    Location:
    Semarang
    Wow, so they used SQL injection for the defacement.
    Luckily I've already upgraded :)
     
  6. ahmadm

    ahmadm Super Hero

    Joined:
    Jul 13, 2010
    Messages:
    1,032
    Likes Received:
    36
    Location:
    Bekasi Timoer
    Already upgraded, bro. I most often get warnings from the WordPress Firewall 2 plugin about SQL injection.

    But when I looked into it, that SQL injection IP turned out to be the IP of my own internet connection (Three SIM card) :swt3:

    It's true what members here say, that Three IPs are dangerous, which is why I never dare to open PayPal over a Three connection.
    Afraid of getting :tinju: by PayPal.
     
  7. adisini

    adisini Super Hero

    Joined:
    Dec 26, 2006
    Messages:
    963
    Likes Received:
    123
    WordPress Firewall sometimes has to be turned off first when we edit the theme or edit other things. Or just whitelist it.
     
  8. dian_ribut

    dian_ribut Super Hero

    Joined:
    Mar 22, 2010
    Messages:
    1,675
    Likes Received:
    208
    Location:
    Yogyakarta
    Luckily I already upgraded yesterday, bro.. what a relief :ok::ok:
     
  9. prahoro

    prahoro Newbie

    Joined:
    Jun 26, 2011
    Messages:
    37
    Likes Received:
    0
    Still on 3.1.2 here .. :D
    Time to upgrade ....
     
  10. nodali

    nodali Ads.id Fan

    Joined:
    Jan 13, 2010
    Messages:
    230
    Likes Received:
    22
    Very useful information...

    Thanks a lot
     
  11. m.a.y.a

    m.a.y.a Super Hero

    Joined:
    Jan 8, 2011
    Messages:
    3,011
    Likes Received:
    75
    Upgrading first ahhh...
    Thanks for the info... :)
     
  12. GrafitianZ

    GrafitianZ Super Hero

    Joined:
    Nov 6, 2010
    Messages:
    3,444
    Likes Received:
    202
    Location:
    JakCity
    Most of mine are already upgraded.. thx for the info bro :D
     
  13. pl4y312

    pl4y312 Newbie

    Joined:
    Oct 5, 2009
    Messages:
    20
    Likes Received:
    1
    CMIIW, it's not just any visitor who can inject..
    Only members with "Editor" status
     
  14. eazyshare

    eazyshare Ads.id Fan

    Joined:
    Oct 16, 2009
    Messages:
    171
    Likes Received:
    0
    Still haven't upgraded here

    Upgrading first...
     
  15. Autonomy

    Autonomy Ads.id Pro

    Joined:
    Jun 23, 2011
    Messages:
    346
    Likes Received:
    0
    Location:
    Where people eat rice 3 times a day
    Heading to the scene, bro..
    :ninja:
     
  16. saterlat

    saterlat Newbie

    Joined:
    Jul 4, 2011
    Messages:
    32
    Likes Received:
    0
    Oh no, I hadn't upgraded yet and already got hacked first...
     
  17. sidekildarisurabaya

    sidekildarisurabaya Super Hero

    Joined:
    May 4, 2010
    Messages:
    906
    Likes Received:
    117
    Location:
    Cibinong, Bogor, Jawa Barat
    Upgrading right away.. the ones that make money have to be prioritized :D
     
  18. saterlat

    saterlat Newbie

    Joined:
    Jul 4, 2011
    Messages:
    32
    Likes Received:
    0
    Alhamdulillah, the upgrade to 3.1.4 after getting hacked finished smoothly.
    Next, update the outdated plugins.
    Strangely, before, when updating plugins I couldn't do it directly from wp-admin and had to go through FTP, but this time I just clicked the update link in WordPress and it updated automatically.... So I'm suspicious whether there's another hole... Please enlighten me, guys.
     
  19. gunawan7

    gunawan7 Ads.id Pro

    Joined:
    Oct 16, 2010
    Messages:
    331
    Likes Received:
    5
    Yes bro,
    I'm a victim,
    my posts are gone,
    the wp-post table was wrecked,
    :D
    hurry and update, or use that firewall
     
  20. p3y3ks

    p3y3ks Ads.id Fan

    Joined:
    Dec 15, 2010
    Messages:
    120
    Likes Received:
    11
    All my sites got hit, bro... :(

    Damn louse of a person !! and in the script that was planted there is a link from hxxp://firman.gunajaya.net
     
