
Re: [Full-disclosure] [WEB SECURITY] *****SPAM***** New Wordpress 2.2.1 Vulnerabilities and the First Weblog XSS Worm



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-15"
 http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA1 <br>
 <br>
While in no way do I wish to take away from the value of your finding
these problems (and providing such a convenient fix), your claims of
having written "the first weblog worm" seem incorrect. See
<a class="moz-txt-link-freetext" 
href="http://it.slashdot.org/it/05/10/14/126233.shtml?tid=172&amp;tid=95&amp;tid=220">http://it.slashdot.org/it/05/10/14/126233.shtml?tid=172&amp;tid=95&amp;tid=220</a>
for the entertaining story of one (presumably lonely) hacker,
myspace.com, and the powers of exponential propagation. My favorite
part is "/was spreading at a rate of 1,000 users every few seconds
before MySpace shut down its site/".<br>
<br>
- - Neil<br>
<br>
PS: Have you reported these problems directly to Wordpress? It might be
nice if they could get an official patch out. I'm sure that they have a
fairly complete list of users and hence can get these problems cleaned
up in more sites in less time than this email will.<br>
<br>
mybeni websecurity wrote:<br>
<span style="white-space: pre;">&gt; Hey Guys, this is another one of my
FD Releases!<br>
&gt;<br>
&gt; I found several critical Wordpress 2.2.1 Vulnerabilities, in detail<br>
&gt; explained here:<br>
&gt;<br>
&gt;
<a class="moz-txt-link-freetext" 
href="http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/">http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/</a><br>
&gt;<br>
&gt; Plus I made - by using the Exploits I created during my research -
the<br>
&gt; first weblog worm, but a "friendly" one: It guides people coming
from<br>
&gt; their /wp-admin/ Wordpress Control Panel through the Patching
process of<br>
&gt; 3 critical Security Vulnerabilities (XSS, Pers. XSS,
SQLInjection), all<br>
&gt; based on Javascript and by using the Vulnerabilities. All you need
is to<br>
&gt;  post a comment with a link to my blog<br>
&gt; <a class="moz-txt-link-freetext" 
href="http://mybeni.rootzilla.de/mybeNi/">http://mybeni.rootzilla.de/mybeNi/</a>
 to your own one and then, all
you<br>
&gt; have to do is to click on the link e.g. in the comment Moderation
area.<br>
&gt; My Server sees that you're Referring from an Admin Panel and the
Worm<br>
&gt; Thingy will show up. Pictures and more are provided here:<br>
&gt;
<a class="moz-txt-link-freetext" 
href="http://mybeni.rootzilla.de/mybeNi/2007/this_is_the_first_weblog_xss_worm/">http://mybeni.rootzilla.de/mybeNi/2007/this_is_the_first_weblog_xss_worm/</a><br>
&gt;<br>
&gt;<br>
&gt; cheers,<br>
&gt;<br>
&gt; Benjamin Flesch<br>
&gt; mybeNi websecurity<br>
&gt; the 17yo who hacked google.<br>
&gt;<br>
&gt;
----------------------------------------------------------------------------<br>
&gt; Join us on IRC: irc.freenode.net #webappsec<br>
&gt;<br>
&gt; Have a question? Search The Web Security Mailing List Archives: <br>
&gt; <a class="moz-txt-link-freetext" 
href="http://www.webappsec.org/lists/websecurity/">http://www.webappsec.org/lists/websecurity/</a><br>
&gt;<br>
&gt; Subscribe via RSS: <br>
&gt; <a class="moz-txt-link-freetext" 
href="http://www.webappsec.org/rss/websecurity.rss">http://www.webappsec.org/rss/websecurity.rss</a>
 [RSS Feed]<br>
&gt;<br>
&gt;</span><br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v1.4.7 (MingW32)
<br>
Comment: Signed by GnuPG by Neil Smithline
<br>
Comment: Using GnuPG with Mozilla - <a class="moz-txt-link-freetext" 
href="http://enigmail.mozdev.org">http://enigmail.mozdev.org</a>
<br>
 <br>
iD8DBQFGsIsjLO8auUXcF7oRAo5kAJ4zQYFJphRoYJE4q4sRwPcbVDRHlgCgtmCY
<br>
0tM5lXZC0fIj5wXRbqEe8o4=
<br>
=/++T
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/