
PHP and upload (1)

http://www.bilbaodigital.es/Hacking/php-shell-upload-iv.html

Understanding a system's architecture is essential to analyzing its security. PHP file upload architecture:

  1. The file is sent from the client filesystem to the server as part of a multipart/form-data POST body.
  2. The Apache process checks the httpd.conf and php.ini directives that govern uploads (file_uploads, post_max_size, upload_max_filesize).
  3. PHP writes the incoming file to the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The temporary directory used for storing files must be writable by the Apache user.
  4. After a successful transfer, if track_vars is enabled (it always is since 4.0.3), the $_FILES superglobal array is defined (a superglobal is available in all scopes throughout a script; there is no need for global $variable to access it within functions or methods). Only name and type are supplied by the client, so they must be treated as untrusted input; tmp_name, error and size are set by PHP. The same variables are also initialized as globals if register_globals is enabled (it must be disabled).
  5. Control passes to the PHP script, which must move the file to its final location (move_uploaded_file()). If it does not, the temporary file is unlinked automatically at the end of the request.
  • Directives in a php.ini file
    • upload_max_filesize = 10M
    • post_max_size = 20M
  • .htaccess file
    • php_value upload_max_filesize 10M
    • php_value post_max_size 20M

    The PHP documentation states that the memory_limit setting also affects file uploading. Generally speaking, memory_limit should be larger than post_max_size, which in turn should be larger than upload_max_filesize.

    • memory_limit = 16M in your php.ini file (recommended, if you have access)
    • With root access, you can use the sed utility on Linux/Unix based systems to raise memory_limit to 64M. Don't forget to edit the php.ini that Apache actually loads (phpinfo() reports it as "Loaded Configuration File"), and note that the pattern below only matches if the current value is exactly "memory_limit = 16M", so check the file first!

      sed -i 's/memory_limit = 16M/memory_limit = 64M/' /etc/php5/apache2/php.ini
    • ini_set('memory_limit', '16M'); in your sites/default/settings.php file (Drupal's settings file)
    • php_value memory_limit 16M in your .htaccess file in the site root
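As an added example (not code from the original page), here is a handler that follows the five steps above the way a security reviewer would want them followed: it relies only on the fields PHP sets in $_FILES, treats the client-supplied name and type as untrusted, checks the error code and the size against the configured limits, sniffs the real content type, picks its own file name, and moves the file out of the temporary directory with move_uploaded_file(). The form field name, the storage directory, the allowed types and the PHP version (7.2 or later) are assumptions.

```php
<?php
// Added example, not code from the original page: a hardened handler for the
// upload flow described above. Assumptions: the form field is named "upload",
// files are stored in a directory outside the document root, only images are
// accepted, and PHP >= 7.2 is in use.
declare(strict_types=1);

const UPLOAD_FIELD = 'upload';
const STORE_DIR    = '/var/www/uploads-private';   // writable by the Apache user, not web-served
const MAX_BYTES    = 5 * 1024 * 1024;              // application cap, kept below upload_max_filesize
const ALLOWED      = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Convert a php.ini shorthand value such as "10M" to bytes.
function ini_bytes(string $v): int
{
    $v = trim($v);
    $n = (int) $v;
    switch (strtoupper(substr($v, -1))) {
        case 'G': return $n << 30;
        case 'M': return $n << 20;
        case 'K': return $n << 10;
        default:  return $n;
    }
}

// Validate and store one uploaded file; returns a result array instead of echoing.
function handle_upload(array $files): array
{
    if (!isset($files[UPLOAD_FIELD]) || !is_array($files[UPLOAD_FIELD])) {
        return ['ok' => false, 'reason' => 'no file field'];
    }
    $f = $files[UPLOAD_FIELD];

    // Step 4: error and size are set by PHP and can be relied on.
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => 'upload error code ' . $f['error']];
    }
    $limit = min(MAX_BYTES, ini_bytes((string) ini_get('upload_max_filesize')));
    if ($f['size'] <= 0 || $f['size'] > $limit) {
        return ['ok' => false, 'reason' => 'size out of range'];
    }

    // Step 3: confirm tmp_name really is the temp file PHP created for this request.
    if (!is_uploaded_file($f['tmp_name'])) {
        return ['ok' => false, 'reason' => 'not an uploaded file'];
    }

    // name and type come from the client: sniff the content instead of trusting $f['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        return ['ok' => false, 'reason' => "disallowed content type $mime"];
    }

    // Never reuse $f['name'] on disk: choose the stored name and extension ourselves.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest   = STORE_DIR . '/' . $stored;

    // Step 5: move the file out of the temp directory, or PHP unlinks it when the script ends.
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        return ['ok' => false, 'reason' => 'could not move file'];
    }
    chmod($dest, 0640);

    return ['ok' => true, 'stored_as' => $stored, 'mime' => $mime, 'client_name' => basename($f['name'])];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // If the body exceeded post_max_size, PHP delivers empty $_POST and $_FILES:
    // detect that case from Content-Length rather than reporting "no file field".
    $len = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);
    if ($_FILES === [] && $len > ini_bytes((string) ini_get('post_max_size'))) {
        http_response_code(413);
        exit('request body larger than post_max_size');
    }
    header('Content-Type: application/json');
    echo json_encode(handle_upload($_FILES));
}
```

Two design choices matter here. Storing under a directory Apache does not serve means that even if the type check were fooled, a file containing PHP code is never executed by a request. And the post_max_size check at the bottom covers the case the directive list above describes: when the body is too large, PHP hands the script an empty $_FILES, so without the Content-Length comparison the user would see a misleading "no file field" error.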

Optimization ideas

http://www.slideshare.net/jeremyclarke/caching-and-optimization-for-wordpress

http://www.darknet.org.uk/2009/08/wordpress-2-8-3-admin-reset-exploit/

Ah it’s Wordpress again, sometimes I wonder how many holes there are in Wordpress. I guess a dedicated attacker could find some serious ones with the complexity of the code base.

It’s suspected some of the recent high profile breaches have come from Wordpress exploits.

The latest one to become public is a simple but effective flaw, it doesn’t enable take-over but it does allow a prankster to lock an admin out of their blog by resetting the password.

Developers of the widely used WordPress blogging software have released an update that fixes a vulnerability that let attackers take over accounts by resetting the administrator password.

The bug in version 2.8.3 is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required, according to this alert published on the Full-Disclosure mailing list.

The flaw lurks in some of the PHP code that fails to properly scrutinize user input when the password reset feature is invoked. Exploiting it is as easy as directing a web browser to a link that looks something like:

I actually saw the alert as it was published on Full-Disclosure, obviously anything to do with Wordpress catches my attention.

The exploit can be executed by running the following code on a Wordpress 2.8.3 blog:

http://www.domain.com/wp-login.php?action=rp&key[]=

Simple but effective.

According to WordPress documentation here, the bug has been fixed by changing a single line of code so the program checks to make sure the input supplied for the new password isn’t an array. If it is, the user gets an error message and must try again.

That would appear to be the end of it, but security researchers Rafal Los and Mike Bailey wonder aloud here whether it would have made more sense to check instead whether the input is a string.

“Hasty coding?” he asks. “Why take the blacklist vs. whitelist approach?”

The bigger point he and other observers seem to make is that PHP is the coding equivalent of an everyman’s jet pack. It allows him to quickly soar into the sky with a minimal amount of training but doesn’t necessarily provide the means to check for buildings, planes or other hazards that may greet the user once he gets there.

Wordpress 2.8.4 has already been released so if you’re running Wordpress do update ASAP to ensure you are safe from this bug.

With the core updates now available on auto-update there’s no excuse for not updating (no more download, extract, upload via FTP).

Of course with its history, this doesn’t mean you are safe from any of the other exploits that haven’t been made public.

Source: The Register


Tags:  exploits,  hacking-wordpress,  vulnerabilities,  Web Hacking,  web-application-security,  wordpress,  wordpress 2.8.3 exploit,  wordpress admin reset bug,  wordpress bug,  wordpress-exploit,  wordpress-security,  wordpress-vulnerability
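As an added illustration (not WordPress's own code), the following shows the shape of the flaw above and of the two fixes the post contrasts: the single-line blacklist check that shipped, and the whitelist check the researchers asked about. The user rows are constructed for the example. The lookup helper mimics one assumed behaviour of the real query wrapper, namely that an array passed as the bound parameter is unpacked as the argument list, so a one-element array holding '' is bound as the empty string and matches the first account with no reset pending; the key format used by the whitelist check is also an assumption.

```php
<?php
// Added illustration, not WordPress code: why "key[]=" slips past an empty() check,
// and the blacklist vs. whitelist fixes discussed in the post.
// The user rows are constructed for the example. The lookup below mimics an
// assumed behaviour of the query wrapper: an array argument is unpacked as the
// bound-parameter list, so [''] binds the empty string.
declare(strict_types=1);

$users = [
    ['ID' => 1, 'user_login' => 'admin', 'user_activation_key' => ''],          // no reset pending
    ['ID' => 2, 'user_login' => 'bob',   'user_activation_key' => 'k7f2q9m1'],  // reset in progress
];

// Stand-in for: get_row(prepare("SELECT * FROM users WHERE user_activation_key = %s", $key))
function get_user_by_key(array $users, $key): ?array
{
    $bound = is_array($key) ? (string) reset($key) : (string) $key;
    foreach ($users as $u) {
        if ($u['user_activation_key'] === $bound) {
            return $u;
        }
    }
    return null;
}

function do_reset(?array $u): string
{
    return $u ? 'password reset for ' . $u['user_login'] : 'invalid_key';
}

// Vulnerable shape (2.8.3): empty(['']) is false, so a one-element array passes.
function reset_password_vulnerable(array $users, $key): string
{
    if (empty($key)) {
        return 'invalid_key';
    }
    return do_reset(get_user_by_key($users, $key));
}

// Blacklist fix (the 2.8.4 approach): reject the one bad type that is known.
function reset_password_blacklist(array $users, $key): string
{
    if (empty($key) || is_array($key)) {
        return 'invalid_key';
    }
    return do_reset(get_user_by_key($users, $key));
}

// Whitelist alternative: accept only a string in the exact form a key can take
// (the 8-character lowercase alphanumeric format here is an assumption).
function reset_password_whitelist(array $users, $key): string
{
    if (!is_string($key) || !preg_match('/^[a-z0-9]{8}$/', $key)) {
        return 'invalid_key';
    }
    return do_reset(get_user_by_key($users, $key));
}

// Parse the query string from the post: ?action=rp&key[]=
// parse_str turns "key[]=" into a one-element array holding the empty string.
parse_str('action=rp&key[]=', $get);

foreach (['vulnerable', 'blacklist', 'whitelist'] as $variant) {
    $fn = "reset_password_$variant";
    printf("%-10s key[]=   -> %s\n", $variant, $fn($users, $get['key']));
}
printf("%-10s k7f2q9m1 -> %s\n", 'whitelist', reset_password_whitelist($users, 'k7f2q9m1'));
```

Run from the command line, the vulnerable variant resets the password of the first account whose activation key is empty (here, admin), while both fixes reject the array. The difference between the two fixes shows up the next time an unexpected type or format arrives: the blacklist has to be extended for each one, whereas the whitelist already rejects anything that is not a well-formed key.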

We read at http://www.blogherald.com/2009/06/02/wordpress-and-wordpressmu-merged-whoa/

Worth highlighting this part:

I’ve found that people who use WordPress want to work with people who use WordPress. They also want to play with them. Think of the possibilities of creating a special interest group on car racing, a sport, knitting, book reading, or whatever interest you have and/or blog about. Why not? I’d love to connect with people interested in what I’m interested in, learning from and with each other by a common bond.

The text:

WordPress and WordPressMU Merged: Whoa!

Filed as News on June 2, 2009 1:26 pm

WordCamp San Francisco 2009 this past weekend was a resounding success, but there is some major confusion coming from the presentation on the State of the Word by  about the “merger” of WordPress and WordPressMU.

In his presentation, Matt Mullenweg, the founder of WordPress, told the more than 700 attendees news about WordPress and its relatives under the  umbrella, a form of stockholders report. He also announced that  - the ORG part of WordPress - would be merged into .

Many, including Ozh of Planet Ozh, The Theme Lab, and Aaron Brazell, were quick to announce their thoughts about the “merger of WordPress and WordPressMU,” misunderstanding the story they were getting across the live blogs and twit-stream from WordCamp San Francisco.

While I’m waiting for confirmation, my understanding from Matt’s announcement is that the long time home of all things WordPress, known by many as the WordPress dot org site, will become a site, with nothing impacting the downloadable versions of WordPress.

With the site’s move to WordPressMU, combining the WordPress driven informational site with the  driven , the site will also incorporate the hot new kit, a combination of WordPressMU specific Plugins that turn a site into a social media community platform, often called “Facebook in a box.”

This is a huge undertaking, with possibly millions of registered users, testing WordPressMU, BuddyPress, bbPress, and the WordPress Community as the site undergoes the changes.

Building a Real WordPress Community

In the earliest days of , I really looked forward to the community part of WordPress.com bloggers rising up out of the multiple blogs hosted by WordPress.com. Global tags brought some people together, but individually, not by common interest.

With the move of the WordPress.org site to include the profiles and group “friends” and “followers,” I see that dream of a WordPress Community coming true.

Jane Wells has been working on building a stronger WordPress Community set of volunteers and contributors, moving beyond coders and hackers to every day WordPress fans to help contribute to the development of WordPress in a variety of non-technical ways, from translations to simply their opinion and feedback. Imagine having access through the BuddyPress profiles on WordPress.org to information on the talents, abilities, and interests of all the WordPress users! The WordPress development team could directly consult with those expressing an interest in a specific area of WordPress.

What about WordPress Plugin authors all interested in the Google Maps API. Imagine them working together to create some new mapping feature for WordPress. Or WordPress members living in a region or community wanting to get together to create a WordPress Meetup or Users Group, or maybe a WordCamp.

I’ve found that people who use WordPress want to work with people who use WordPress. They also want to play with them. Think of the possibilities of creating a special interest group on car racing, a sport, knitting, book reading, or whatever interest you have and/or blog about. Why not? I’d love to connect with people interested in what I’m interested in, learning from and with each other by a common bond.

This is what I believe is the intention of converting the official WordPress.org site to WordPressMU and adding BuddyPress. It serves as a fantastic testing ground for BuddyPress, just as  does for WordPress and WordPressMU, and will help unite WordPress users in new and exciting ways. With BuddyPress interaction, this may also change WordPress support in some very interesting ways as people may be able to reach out for support directly from the WordPress Community, and not just through the WordPress Support Forums.

I also see WordPress.com embracing BuddyPress as well, hopefully. That would really make my dream come true for the community I so long for from among my millions of brothers and sisters on WordPress.com. It is such a vibrant and mixed community, I’d love to really get to know who they are and what their interests are beyond the Google or WordPress.com search or tags.

In the future, it will be easier to install  or “flip a switch,” as many are calling it, between the single self-hosted version of WordPress and WordPressMU, but for now, I believe Matt’s intention was to announce the WordPress.org site going WordPressMU and BuddyPress.

It’s exciting times for the WordPress Community!

WP Super Cache 0.9.1

Doncha has published his new version, WP Super Cache 0.9.1; you can read about it at http://ocaoimh.ie/2009/02/26/wp-super-cache-091

phpXref Wordpress MU 2.7

I have created, at this link, a cross-reference of WordPress MU 2.7. It is based on a version with some modifications from branch 1676

http://carlosandrade.es/static/WP27b/nav.html?index.html

I hope it is properly cached via htaccess