For those who like using WordPress. Regards, Ladung
-----Original Message-----
From: Secunia Security Advisories [mailto:[EMAIL PROTECTED]]
Sent: 05 March 2007 21:34
To: [EMAIL PROTECTED]
Subject: [SA24374] WordPress Command Execution and PHP "eval()" Injection

TITLE:
WordPress Command Execution and PHP "eval()" Injection

SECUNIA ADVISORY ID:
SA24374

VERIFY ADVISORY:
http://secunia.com/advisories/24374/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WordPress 2.x
http://secunia.com/product/6745/

DESCRIPTION:
Ivan Fratric has reported two vulnerabilities in WordPress, which can be exploited by malicious people to compromise vulnerable systems.

1) Input passed to the "ix" parameter in wp-includes/feed.php is not properly sanitised before being used in "eval()" calls. This can be exploited to execute arbitrary PHP code.

2) Input passed to the "iz" parameter in wp-includes/theme.php is not properly sanitised before being used to execute commands. This can be exploited to execute arbitrary shell commands.

NOTE: The vulnerabilities were reportedly added by someone breaking into WordPress's servers.

The vulnerabilities are reported in version 2.1.1 downloaded on 2007-02-25 or later.

SOLUTION:
Update to version 2.1.2.

PROVIDED AND/OR DISCOVERED BY:
Ivan Fratric

ORIGINAL ADVISORY:
Ivan Fratric:
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html

WordPress:
http://wordpress.org/development/2007/03/upgrade-212/
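Added example, not part of the forwarded advisory or of Secunia's or WordPress's material: a log check a site owner who ran 2.1.1 could use to look for requests carrying the two parameter names the advisory lists. It assumes the parameters arrive in the URL query string and that the web server writes the common "combined" access-log format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names from SA24374: "ix" (eval() in wp-includes/feed.php) and
# "iz" (command execution in wp-includes/theme.php).
SUSPECT_PARAMS = {"ix", "iz"}

# "Combined" access-log line: host, ident, user, [time], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def suspect_requests(lines):
    """Return (host, time, path, param, status) for each request whose
    query string carries one of the suspect parameter names."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes names, so "%69z=" is still seen as "iz".
        # Names are compared exactly; "size" or "prefix" do not match.
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            if name in SUSPECT_PARAMS:
                hits.append((m["host"], m["time"], url.path, name, int(m["status"])))
                break
    return hits

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2007:10:01:02 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Mar/2007:10:04:40 +0000] "GET /index.php?ix=PLACEHOLDER HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [03/Mar/2007:10:05:11 +0000] "GET /?feed=rss2&%69z=PLACEHOLDER HTTP/1.0" 200 98 "-" "-"',
    '203.0.113.5 - - [03/Mar/2007:10:06:00 +0000] "GET /?size=ix&prefix=iz HTTP/1.1" 200 4000 "-" "-"',
]

if __name__ == "__main__":
    for hit in suspect_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Request bodies are not recorded in access logs, so an empty result does not clear a host that ran the affected download; updating to 2.1.2 as the advisory states is still required.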