
WP-Forum Plugin Security Bulletin

148 responses, January 21st, 2008, in WordPress Plugins, WordPress Security
148 Responses

Comments

  1. Andy (1 comments.) says:

    Would you be willing please, to point out that the ‘Simple Forum’ mentioned above is NOT the same as my own ‘Simple Forum WP Plugin’? (http://www.stuff.yellowswordfish.com/simple-forum/) I found out quite recently that there was a stand alone system named ‘Simple Forum’ and have been debating whether to change the name of my plugin. But I would not want people to be confused! My own forum plugin is NOT based on this third party product and also has no relationship with WP-Forum.
    Thanks.

  2. Sabo (13 comments.) says:

    I started a thread with this information on their forum.

  3. Jeffro2pt0 (164 comments.) says:

    @Sabo Thanks for doing that. Although if you were to look at the comments for that plugin on the blog, it looks like development for that plugin might be dead and has been dead for quite awhile.

  4. Dhruva Sagar (15 comments.) says:

    Thanks, this is a great revelation!

  5. Cyneox says:

    I could not reproduce that bug… I have some doubts that it really works,

    but I simply fixed it using the following code in “forum-functions.php”:


    function forum_get_profile($user){
    global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;

    if(is_numeric($user)) {
    .....
    }

    just use that “is_numeric” (since user IDs are integers and not strings containing SQL queries).

  6. Sabo (13 comments.) says:

    @Dhruva Sagar Believe me, the exploit works like a charm, I already obtained some md5 hashed passwords from it. The exploit in combination with this http://md5.rednoize.com/ is going to be a playground for all the script kiddies out there.

  7. Sabo (13 comments.) says:

    Sorry, my comment was for Cyneox, I can’t get used to the UGLY design of this website.

    Jeffro2pt0 dude, this website looks like we were in 1995.

  8. Sabo (13 comments.) says:

    @Cyneox did you use that code like this:

    function forum_get_profile if(is_numeric($user){
    global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;

    or like this?

    function forum_get_profile($user){
    global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;
    if(is_numeric($user)) {

    Because if you used the second one, I don’t know where I should close the }

  9. Cyneox says:

    @Sabo

    the code was added in “forum-functions.php”.

    i used:

    function forum_get_profile($user){
    global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;
    if(is_numeric($user)) {
    ...
    }

    the last “}” comes after the “return”.

    I think this bug works only on pure WordPress (not WordPress MU), although I haven’t tested it yet…

  10. Cyneox says:

    @Sabo

    nice site you got there… can you please tell me which plugin you are using for the paged posts on the first site?

  11. Cyneox says:

    nice site you got there… can you please tell me which plugin you are using for the paged posts on the first site?

    [ SORRY FOR THE DOUBLE POST ]

  12. Sabo (13 comments.) says:

    @Cyneox Dude, your fix didn’t fix the security issue. I implemented it and then applied the exploit, and I could obtain all the usernames/md5-hashed passwords/e-mails@…

    That fix didn’t work for a normal WordPress installation.

    And thanks about the site; for the page navigation I’m using:
    http://www.mis-algoritmos.com/.....ugin-v-10/

    Regards!

  13. Cyneox says:

    @Sabo

    Well that fix did work for me. Actually I can’t really understand why it shouldn’t work.

    According to http://www.php.net/is_numeric:

    is_numeric ( mixed $var )

    if $var is a number (integer, double, etc.) ‘is_numeric’ will return TRUE. Else ‘FALSE’ will be returned.

    In OUR case the script should verify whether the parameter given to ‘user’ is an integer or not.

    The normal page URL will be:

    http://blabla.com/?page_id=7&a.....amp;user=1

    The hack makes use of the parameter given to ‘user’ not being verified:

    http://www.blablabla.com/?page.....ull,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_users/*

    As you can see the value given to ‘user’ is NOT an integer and that’s why you add the condition (at the beginning of the script):

    if (is_numeric($user)) {
    // here goes the rest of the php script
    }

    I am using WPMU and the hack did not work on my site. Which version of WordPress/WPMU are you using?

  14. N3X15 says:

    Try wrapping the input with intval( ), too. Quick fix.

  15. Sabo (13 comments.) says:

    @Cyneox
    I tried the patch on WP 2.3.2 and it didn’t work.

    We can hardly read through these “trackback spam” comments. Jeffro2pt0 man, if you are not going to use an easy-to-read theme, at least separate your trackbacks from the normal posts.

    http://www.dailyblogtips.com/s.....ress-blog/

    Regards!

  16. Jeffro2pt0 (164 comments.) says:

    @Sabo Hey there. I am a guest blogger for WeblogToolsCollection.com and do not own this domain or have full control over the display or functionality of this blog. This blog is owned by Mark Ghosh. If you have any comments regarding this blog, the articles or just want to tell him what you think, contact him via http://weblogtoolscollection.com/contact-me/

  17. Mark Ghosh (386 comments.) says:

    Sabo, I do not agree that they need to be separated. We can take that discussion offline. Email me at mark at wltc dot net if you would like.

  18. Simon (2 comments.) says:

    Just for the record, I always use something like $user = intval($user); to ensure input that should be a whole number is sanitised. Rather than check whether it is an integer, why not force it to be one (if it’s not numeric, 0 is returned)?
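The two fixes proposed in this thread (Cyneox's is_numeric() check in comment 13 and the intval() coercion suggested by N3X15 and Simon) behave differently on the same input. The following PHP is an added illustration, not code from the WP-Forum plugin or from any commenter; the function names are assumed, and the table and column names are the ones quoted in the thread.

```php
<?php
// Added example: contrasting the vulnerable shape of the lookup with the
// is_numeric() filter and the intval() coercion discussed in the comments.
// Function names are hypothetical; wp_users/user_login/user_email are the
// names that appear in the thread.

// Vulnerable shape: the raw "user" request parameter is interpolated into
// the SQL string, so any non-numeric value becomes part of the query.
function build_profile_query_unsafe(string $user): string {
    return "SELECT user_login, user_email FROM wp_users WHERE ID = $user";
}

// Fix proposed by Cyneox: only proceed when is_numeric() accepts the value.
// is_numeric() also accepts floats, exponents and leading whitespace, so it
// is a looser filter than "is a whole number", but it does reject strings
// that contain SQL keywords.
function profile_id_if_numeric(string $user): ?string {
    return is_numeric($user) ? $user : null;
}

// Fix proposed by N3X15/Simon: coerce with intval(). Trailing junk is
// discarded and non-numeric input becomes 0, which callers treat as
// "no such user".
function profile_id_intval(string $user): int {
    return intval($user);
}

// Hardened lookup: coerce to int, refuse non-positive ids, and embed only
// the integer. Inside WordPress the same effect is obtained with
// $wpdb->prepare("... WHERE ID = %d", $id), which is the idiomatic form.
function build_profile_query_safe(string $user): ?string {
    $id = intval($user);
    if ($id <= 0) {
        return null; // invalid or missing id: do not query at all
    }
    return sprintf(
        "SELECT user_login, user_email FROM wp_users WHERE ID = %d",
        $id
    );
}

// Constructed sample inputs: a normal id, a UNION-style value of the kind
// quoted in the thread, a float and whitespace that is_numeric() lets
// through, and plain text.
$samples = ["1", "-1 UNION SELECT null", "1.5", " 7", "abc"];
foreach ($samples as $s) {
    printf(
        "%-24s is_numeric=%-5s intval=%-3d safe_query=%s\n",
        var_export($s, true),
        is_numeric($s) ? 'true' : 'false',
        profile_id_intval($s),
        build_profile_query_safe($s) ?? 'rejected'
    );
}
```

Run with `php example.php`; the unsafe builder is included only so the difference in the generated SQL can be compared against the safe one for each sample.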

  19. Phil Coffee (2 comments.) says:

    I know this is an old post, but one would be surprised at the amount of sites that still have not fixed this vulnerability to this day.



Trackbacks/Pingbacks

  1. […] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an […]

  2. […] passing, another serious vulnerability is reported, this time in the Wp-Forum plugin. As there is no patch yet, it is recommended to delete it while waiting for a better […]

  3. […] you are putting your site at an increased risk of being exploited. As was reported by me on WeblogToolsCollection.com, malicious users are in fact taking advantage of the flaws found within the WP-Forum plugin. If you […]

  4. […] was closed. A hole was also found in the additional WP-Forum plugin, which is also being extensively exploited. The plugin should be deactivated until an update appears […]

  5. […] also point to a vulnerability in the WP-Forum plugin that is being actively exploited and if you are using this plugin, remove it until an update is […]

  6. […] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using that plugin, please […]

  7. […] also mentioned a vulnerability in the WP-Forum plugin. Input passed to the “user” parameter in the WordPress installation’s index.php script (when […]

  8. […] also to the WP-Forum plugin: in this case the bug, confirmed in version 1.7.4, is far more serious since it allows, […]

  9. […] there is a bug in the WP-Forum plugin (info). WordPress recommends that, for now, this plugin be […]

  10. […] a few minor bugs fixed as well. The WordPress team recommends removing the WP-Forum plugin due to vulnerability which they need to […]

  11. […] uses the WordPress-Forum plugin should read here and then better remove it … otherwise, as said above, fix the file or go straight to WP 2.3.3 […]

  12. […] you are using the WP-Forum plugin, it is a good idea to update it too, because things are heating up on its side as well. A security flaw is being exploited and the fix is already in the […]

  13. […] also a vulnerability in the WP-Forum plugin that is being exploited by several individuals at this moment. It is advised that you deactivate the […]

  14. […] the official WordPress blog, there is also a security flaw in the WP-Forum plugin. If you use it, double the work. It needs to be updated […]

  15. […] should know that there is also a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, the recommendation is to […]

  16. […] in 2.3.2, don’t put off the upgrade if you can help it! Also, if you use the WP-Forum plugin, read this […]

  17. […] it over your existing xmlrpc.php. Otherwise, you can get the entire release here. Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an […]

  18. […] more, beware if you use the wp-forum plugin, there is a flaw that is being very actively exploited! Social networks […]

  19. […] there are also vulnerabilities in the WP-Forum plugin that are being actively exploited these days. If you use that plugin, deactivate it […]

  20. […] of note, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an […]

  21. […] a vulnerability within this WP-Forum plugin that can be exploited by malicious users to conduct SQL injection attacks. WP recommend to […]

  22. […] a vulnerability was discovered in the WP-forum plugin which remains so at the moment; it is recommended to deactivate that plugin until it is […]

  23. […] it is reported that a vulnerability has been detected in the WP-Forum plugin that can be exploited right now, and it is recommended that if you are using this plugin, you stop […]

  24. […] additional warning is issued regarding the WP Forum plugin which contains a vulnerability that is still actively exploited. If you’re running this plugin, it is strongly advised that […]

  25. […] and copy it over your existing xmlrpc.php. If you require the whole release you can get here. Also a vulnerability in the WP-Forum plugin has been found and is being actively exploited right now. If you are using this plugin it’s […]

  26. […] there is a vulnerability in the WP-Forum plugin; if you are using this plugin, it is better to remove it until a […] is available

  27. […] There are also a few other small bugs that were fixed, and news for those who use the WP-Forum plugin. […]

  28. […] idea, it is not always in your best interest to have this as your set up. Apparently there is a bug in the current version of the WP-Forum plugin that allows malicious users to access your database information. Whenever you have a situation […]

  29. […] that, there is a vulnerability in the WP-Fórum plugin that is being actively exploited at the moment. If you are using this plugin, please […]

  30. […] The WP-forum plugin has a security hole that hasn’t been repaired yet. You’ll need to disable that plug-in until a fix has been made. Read about that problem here. […]

  31. […] report a vulnerability in the WP-Forum plugin. If you are using it, it is advisable to deactivate it […]

  32. […] whole package and update your WordPress. There is also a vulnerability in the WP-Forum plugin. If you are using this plugin, it is recommended to deactivate it until its author […]

  33. […] are version 2.32 of WordPress (should be updated as soon as possible) and the WP Forum, apparently various […]

  34. […] also mentioned, with this release, that there is a vulnerability in the WP-Forum plugin; the advice is simply to uninstall the plugin and wait for an update of the […] to be released

  35. […] was also discovered in the WP-Forum plugin. If you use it, turn it off until the author publishes […]

  36. […] this patch, a call was also made to all webmasters to stop using the WP-Forum plugin, precisely because it has a […]

  37. […] and for those who use the WP-Forum plugin, the recommendation is to disable it and delete it while waiting for a new version, since the current one […]

  38. […] there is a vulnerability in the WP-Forum plugin which is being actively exploited at this moment. If you are using this plugin, please […]

  39. […] there is a serious security problem with the WP-Forum plugin. As long as there is no security update, all users are strongly advised to […] the plugin

  40. […] another little note: apparently there is a serious vulnerability in the WP-Forum plugin, so if you have it active, better disable it until further […]

  41. […] there is a weakness in the WP-Forum plugin that is currently being actively exploited. If you use this plugin, please […]

  42. […] xmlrpc.php and fixes other bugs considered “minor”. It also warns us of a serious vulnerability in the WP-Forum plugin, which is being exploited “wholesale”, and recommends disabling the plugin until the author fixes the aforementioned […]

  43. […] on WordPress, notice has been given of a bug in the WP-Forum plugin, which is being heavily exploited, so it is recommended to deactivate it until the author […]

  44. […] Weblog Tools Collection reports a vulnerability in the WP-Forum WordPress Plugin. […]

  45. […] an exploit that has been found for the wp-forum plugin, which we use on this blog; I am deactivating it until […] comes out

  46. […] it was reported that another bug in the WP-Forum plugin was discovered and is being exploited by hackers. The recommendation in this case is to remove the […]

  47. […] A few more things are worth mentioning here. First thing is that if you are currently using a vulnerability in the WP-Forum plug-in, make sure you remove it till further update is available from its author because this plug-in can […]

  48. […] only the updated xmlrpc.php file. WordPress also warns that many with the “WP-Forum plugin” add-on are exposed to security holes right now; you should deactivate it until updates are […]

  49. […] At least I found the cause: the forum plugin. The forum is offline indefinitely, until the plugin’s creator fixes the […]

  50. […] download the certain version xmlrpc.php and copied him more you were xmlrpc.php. Also, there was frailty in WP-Forum plugin that actively was exploited immediately. If you were using this plugin, please evacuated him until […]

  51. […] Forum is currently deactivated for security reasons, sorry. As soon as the suspected bug in the plugin is fixed or clarified, it will […]

  52. […] WP-Forum SQL Injection Vulnerability – Earlier this week, the websec security team has discovered a vulnerability within this plugin that can be exploited by malicious users to conduct SQL injection attacks […]

  53. […] Fredrik Fahlstad’s wp-Forum plugin to manage my forums. Shortly after implementation, a security alert was issued. I waited a few days to see if an update were forthcoming, but after receiving no news, I […]

  54. […] posted that there is a vulnerability in the WP-Forum plugin that is being exploited now. If you use that plugin, disable it until an update is […]
