Wordpress Exploit

Printable View

20 October, 2009, 14:50 PM
nux

This is what my blog looks like:

$charset = $_POST['charset'];

if(strlen($charset) > 50)
die;

// These three are stripslashed here so that they can be properly escaped after

Quote:

Originally Posted by Snak3

@nux
can you show where exactly in wp-trackback.php have we to paste the following code as mentioned by you in your blog post :

Code:

if(strlen($charset) > 50) die;

I understand line 47 but to be precise
I mean, before what and after what piece of code should it come/appear.
20 October, 2009, 17:37 PM
texashiker

Should we just remove the trackback.php file from the wordpress folder? Or rename it so its not usable until a full patch is released?
20 October, 2009, 18:10 PM
nux

The code I showed you will fix the problem. I've tested it myself.
20 October, 2009, 18:39 PM
Snak3

Quote:

Originally Posted by nux

This is what my blog looks like:

$charset = $_POST['charset'];

if(strlen($charset) > 50)
die;

// These three are stripslashed here so that they can be properly escaped after

Thnx a bunch, done on my WP blog :thumbsup:
21 October, 2009, 04:02 AM
nux

Wordpress has released an update, 2.8.5 which fixes this issue.
21 October, 2009, 05:42 AM
jayant_me

just download and installed 2.8.5

Thanks for the heads up :)

All times are GMT. The time now is 17:55 PM.