Wordpress Exploit if any one run's blogs
 

This is a HUGE exploit in wordpress!

Vulnerable Systems:
* WordPress version 1.5.1.3 and prior (with register_globals)

Immune Systems:
* WordPress version 1.5.1.4 or newer

[Code Removed]

Check your hosting company if they patched this!

In English, please? |huh

Mommy doesnt hold your hand all the time does she :) Research it! You have to make sure you turn this off create a php.ini and put it in your root directory. Thats the code for the exploit to look for that has the issues!

php_flag register_globals off

http://wordpress.org/development/200...ordpress-1513/

How nice of you to post the code so now any idiot searching for it can find it here and play with the blogs.

Actually the code is plastard over the internet every where! And i didnt mean to post to show how to do it. To show what to look for to fix it. Sorry if it upset anyone

Regards,

Cocksucker - why post a warning without telling everyone what the fuck you're warning about? And they call me useless...

Come on man.. think before you post code to an exploit.

There is crime all over the world, do you help promote that as well? It doesn't matter if its posted all over.. you just gave it another home on the net. It's called having ethics..

And to note i didnt post the code to leave another place for people to look for it. I posted it as to what you need to look for to rectify the issue i by no means was i trying to bring harm or trying to be rewd i apologize for posting the exploit then next time there is one i wont post nothing!


Easy there buddy no need to get all sweaty! Gees, and it's not called being useless i NOTIFIED about the ISSUE it's not even a fix you can do. you have to make sure your hosting company has it turned off or they have root access to the whole server. And a little foot note id love to see you call me cocksucker to my face that shit you dont even need to say leave those comments to the peanut gallery!

Damned near wet myself in fear.

I doubt you'd want useless in your face.

His moustache smells!

How can you tell what version of Word Press you have?

Jenc,

I havent a clue myself. I went ahead and installed the new update though, Its fairly fast and easy.

Delete WP-Admin

Delete WP-Includes

Delete any root diretory files begining with WP-* BUT DO NOT DELETE the one that tells the script where your info is.

leave WP-CONTENT and wp-images alone.

once those are deleted, upload the new files. simple as pie. did it to 4 blogs last night in a matter of 15 minutes.

Well I went to that link above and tried to download the new 1.5.1.3 but I couldn't help but notice that the download still said 1.5.1.2. Has version 3 even been released yet?

I've just fixed the .htaccess for now, should be good enuff.

jen, when i downloaded it said 1.5.2 not 1.5.1.2

checking now and...

still does. if you're downloading herE:
http://wordpress.org/download/

that's 1.5.2

Ahhh, you're right! You are smrt, I am dum.