1/25/2008

Permalinks Migration Vulnerability

According to an advisory released by Packetstorm, a fellow by the name of g30rg3_x has discovered two bugs within Dean’s Permalinks Migration Plugin version 1.0. The first is a cross-site request forgery (XSRF) bug that lets an attacker force a user to perform an unsolicited action. Combined with the second, an XSS bug, it allows the attacker to gain valid credentials.

g30rg3_x provides a detailed explanation of the problem:

Since the variable $dean_pm_config['oldstructure'] is not correctly sanitized (when retrieving), this allows any user to store/save “malicious code” inside the database, and this “malicious code” is later injected when the data is retrieved. Using the XSRF as a “combo”, we can create crafted pages that will force users to conduct this injection and steal some valid credentials to the WordPress-based CMS.

g30rg3_x has tried to contact the author of the plugin but has not had any success in doing so. Instead, he has taken the liberty of releasing his own sub-version of the plugin, which contains the necessary fixes. The plugin is called 1.1-gx and uses some of the WordPress coding standards that are suggested by WordPress developers. You can download a fixed version of this plugin by clicking here.
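The two bug classes described above, shown as an added illustration that is neither the plugin's code nor g30rg3_x's patch: a hypothetical settings page that requires a nonce on save (against the XSRF) and escapes the stored value on output (against the stored XSS), using current WordPress APIs. All `demo_pm_*` names and the allow-list pattern are assumptions.

```php
<?php
/*
Plugin Name: Permalink Setting Demo (added example, hypothetical)
*/
// All demo_pm_* names are assumptions; this is not the real plugin's code.
add_action( 'admin_menu', function () {
    add_options_page( 'Permalink Demo', 'Permalink Demo', 'manage_options', 'demo-pm', 'demo_pm_page' );
} );

function demo_pm_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        demo_pm_save();
    }
    $config = get_option( 'demo_pm_config', array( 'oldstructure' => '' ) );

    // WEAK (the class of bug the advisory describes): the stored value is
    // written into the page without escaping, so saved markup is rendered:
    //   echo '<input name="oldstructure" value="' . $config['oldstructure'] . '">';

    // HARDENED: escape for the HTML attribute context at output time,
    // regardless of how the value got into the database.
    echo '<form method="post">';
    wp_nonce_field( 'demo_pm_save', 'demo_pm_nonce' ); // per-user, per-action token
    echo '<input type="text" name="oldstructure" value="' . esc_attr( $config['oldstructure'] ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

function demo_pm_save() {
    // Dies on a forged cross-site POST: a third-party page cannot supply
    // a valid nonce for the logged-in administrator.
    check_admin_referer( 'demo_pm_save', 'demo_pm_nonce' );

    $raw   = isset( $_POST['oldstructure'] ) ? wp_unslash( $_POST['oldstructure'] ) : '';
    $value = sanitize_text_field( $raw ); // strips tags and control characters

    // Assumed allow-list: a permalink structure such as /%year%/%postname%/
    // needs only these characters.
    if ( ! preg_match( '#^[A-Za-z0-9%_/.\-]*$#', $value ) ) {
        wp_die( 'Invalid permalink structure.' );
    }
    update_option( 'demo_pm_config', array( 'oldstructure' => $value ) );
}
```

Either control alone leaves a gap: the nonce blocks the forged save but not a value already stored, and output escaping neutralizes the stored value but still lets a forged request change the setting.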

11 Comments

  1. Ah, good catch … I better grab that change and replace the plug I installed!

    Nothing like SQL injections to make a day go bad.

    Tadd (83 comments.) — 01/25/2008 @ 10:06 am
  2. I very recently installed this plugin, along with a number of others, and yesterday suddenly could not bring up my homepage at all. This morning, the page partially renders, then stops at the same place with an error message: “… exceeded the ‘max_questions’ resource … “.

    I did notice some laborious action, while installing Dean’s and another Permalinks-related plugin. I have FTPed all my recently installed plugins out of /wp-content/plugins, will wait an hour for the ‘resource’ error to time out (correct?) and try my site again. Unless you guys know different, my understanding is we should leave my host alone so the error times out.

    Will update. Any insight appreciated.

    Ted Clayton (31 comments.) — 01/25/2008 @ 11:14 am
  3. Site working! Actually, I think I noticed the laborious install/activate-action when installing Top Level Cats and Redirection. Following those, I also activated Dean’s Permalinks, but I think I noticed nothing.

    Ted Clayton (31 comments.) — 01/25/2008 @ 12:24 pm
  4. I wish I knew about this plugin before I spent hours coming up with an .htaccess solution! Dealing with the redirect at the server level is probably a bit faster and more secure anyway. There are certain permalink changes which won’t be able to be dealt with at the server level — such as going from plain name-based permalinks to something with more information, such as year/name-based.

    Rick Beckman (13 comments.) — 01/25/2008 @ 1:16 pm
  5. Do you need this plugin to be activated forever in the blog, or can you just quit using it after some months when the migration is over?

    Ashish Mohta — 01/25/2008 @ 2:02 pm
  6. Ashish: You’ll likely need it for as long as websites have links to any of your old-style permalinks, unless you are okay with serving up a Content Not Found page to visitors from those older sources.

    Search engines should eventually update. If you’re able, definitely keep a watch on your server access logs; over time, requests for old-style permalinks should become fewer. When they reach a level you’re happy with, you’ll be safe disabling the plugin.

    If a few websites are consistently sending content to an older style permalink, it might be worth it to add a simple redirect in an .htaccess file, if you’re able, such as this:

    Redirect /2006/04/01/some-old-post/ /some-old-post/

    Adjust that accordingly, of course. :)

    Rick Beckman (13 comments.) — 01/25/2008 @ 2:07 pm
  7. So where’s the link to the packetstorm advisory? I checked the list of January 2008 advisories and found nothing. I might have missed it — here’s the link for anyone who cares to check http://packetstormsecurity.org/0801-advisories/.

    Connie (3 comments.) — 02/3/2008 @ 5:10 am
  8. [...] Collection, an article was posted earlier today regarding a vulnerability in version 1.0 of the Deans Permalinks Migration Plugin. The said vulnerability involves XSRF or Cross-site request forgery and allow the attacker to steal [...]

    Permalinks Migration Plugin Vulnerability » JaypeeOnline // Blogging News & Reviews — 02/3/2008 @ 8:22 am
  9. [...] Dean’s Migration Plugin Vulnerability - According to an advisory released by Packetstorm, a fellow by the name of g30rg3_x has discovered two bugs within Dean’s Permalinks Migration Plugin version 1.0. The first bug relates to XSRF and can allow an attacker to force a user to perform an unsolicited action that when combined with an XSS bug that has also been discovered, allows the attacker to gain valid credentials. [...]

    WordPress Weekly Episode 3 | Jeffro2pt0 — 04/25/2008 @ 4:04 am
  10. [...] Migration Plugin Version 1.0. However, it’s got a bug apparently so the fix is here in this Weblog Tools Collection post, or download here from g30rg3 Blog or from WordPress [...]

    Permalink Structure Change — 04/30/2008 @ 7:50 am
  11. [...] below (e.g., going from name-based permalinks back to name and date-based permalinks), there is a WordPress plugin that can take care of you. If all you want to do is change from name and date-based permalinks to [...]

    How to Update Your WordPress Permalinks Without Causing Link Rot — Kingdom Front — 05/4/2008 @ 3:24 am
