
Permalinks Migration Vulnerability

13 responses
Posted on January 25th, 2008 in WordPress Plugins, WordPress Security

According to an advisory published on Packetstorm, a researcher going by the handle g30rg3_x has found two bugs in Dean's Permalinks Migration Plugin version 1.0. The first is a cross-site request forgery (XSRF) flaw: the plugin's settings form does not verify that a request actually came from the logged-in administrator, so a crafted page can make the admin's browser save a value without the admin intending to. The second is a stored cross-site scripting (XSS) bug in how that saved value is displayed. Chained together, they let an attacker plant script in the admin's browser and walk away with valid credentials.

g30rg3_x gives a more detailed explanation of the problem:

Since the variable $dean_pm_config['oldstructure'] is not correctly sanitized (when retrieving), this allows any user to store/save “malicious code” inside the database and later have this “malicious code” injected when the data is retrieved. Using the XSRF as a “combo” we can create crafted pages that will force users to conduct this injection and steal some valid credentials to the WordPress-based CMS.

g30rg3_x tried to contact the plugin's author but had no success. Instead, he took the liberty of releasing his own patched sub-version of the plugin, 1.1-gx, which contains the necessary fixes and follows some of the coding standards recommended by the WordPress developers. A fixed version of the plugin can be downloaded by clicking here.
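To make the two bug classes concrete, here is an added illustration (written for this edit; it is not code from Dean's Permalinks Migration plugin or from the 1.1-gx fix) of a settings page that saves and displays the oldstructure value. The first function shows the shape of the 1.0 problem: the form carries no request-forgery check, and the stored value is echoed into an HTML attribute unescaped. The second shows what the WordPress coding standards call for: a capability check, a nonce (wp_nonce_field paired with check_admin_referer), input sanitization, and output escaping with esc_attr. The option name dean_pm_config and the key oldstructure come from the advisory; the field name dean_pm_oldstructure, the nonce action name and the sanitizer are assumptions. The WordPress functions used are those of the current API, not necessarily the ones that existed in 2008.

```php
<?php
// Added illustration, not code from the Permalinks Migration plugin or its
// 1.1-gx fix. Option name 'dean_pm_config' and key 'oldstructure' follow the
// advisory; the form field, nonce action and sanitizer are hypothetical.

// ---- Vulnerable pattern: the shape of the bug class in 1.0 ----
function dean_pm_settings_page_vulnerable() {
    $config = get_option( 'dean_pm_config', array( 'oldstructure' => '' ) );

    // XSRF: nothing proves this POST came from the admin's own form, so any
    // page the admin visits can submit it on their behalf.
    if ( isset( $_POST['dean_pm_oldstructure'] ) ) {
        $config['oldstructure'] = stripslashes( $_POST['dean_pm_oldstructure'] ); // stored unsanitized
        update_option( 'dean_pm_config', $config );
    }

    // Stored XSS: the saved value lands in an attribute unescaped, so a
    // value such as  "><script>...</script>  executes for every admin who
    // opens the settings page.
    echo '<form method="post">';
    echo '<input type="text" name="dean_pm_oldstructure" value="' . $config['oldstructure'] . '" />';
    echo '<input type="submit" value="Save" />';
    echo '</form>';
}

// ---- Hardened pattern: what a 1.1-style fix should look like ----
function dean_pm_settings_page_fixed() {
    // Only users allowed to manage options may reach the handler at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    $config = get_option( 'dean_pm_config', array( 'oldstructure' => '' ) );

    if ( isset( $_POST['dean_pm_oldstructure'] ) ) {
        // XSRF fix: verify the nonce emitted by wp_nonce_field() below.
        // check_admin_referer() calls wp_die() if the nonce is missing or bad.
        check_admin_referer( 'dean_pm_save_settings', 'dean_pm_nonce' );

        // Input fix: strip magic-quote slashes, then reduce the value to what a
        // permalink structure can legitimately contain.
        $raw = wp_unslash( $_POST['dean_pm_oldstructure'] );
        $config['oldstructure'] = dean_pm_sanitize_structure( $raw );
        update_option( 'dean_pm_config', $config );
    }

    echo '<form method="post">';
    wp_nonce_field( 'dean_pm_save_settings', 'dean_pm_nonce' );
    // Output fix: escape at the point of use so whatever is in the database
    // cannot break out of the attribute, even if it was stored unsanitized
    // by an older version.
    echo '<input type="text" name="dean_pm_oldstructure" value="' . esc_attr( $config['oldstructure'] ) . '" />';
    echo '<input type="submit" value="Save" />';
    echo '</form>';
}

// Hypothetical allow-list sanitizer for a permalink structure such as
// "/%year%/%monthnum%/%day%/%postname%/". Any character outside the allowed
// set is dropped, so angle brackets and quotes never reach the database.
function dean_pm_sanitize_structure( $value ) {
    $value = sanitize_text_field( $value );
    return preg_replace( '/[^A-Za-z0-9%_\-\.\/]/', '', $value );
}
```

A quick check you can run against any plugin settings page: look for the hidden nonce field in the rendered form and for the matching check_admin_referer() or wp_verify_nonce() call in the handler that saves the form. If either is missing, a crafted page can submit the form for the logged-in admin, and every value it saves has to be treated as attacker-controlled wherever it is later displayed.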


Comments

  1. Tadd says:

    Ah, good catch … I'd better grab that change and replace the plugin I installed!

    Nothing like SQL injections to make a day go bad.

  2. Ted Clayton says:

    I very recently installed this plugin, along with a number of others, and yesterday suddenly could not bring up my homepage at all. This morning, the page partially renders, then stops at the same place with an error message: “… exceeded the ‘max_questions’ resource … “.

    I did notice some laborious action, while installing Dean’s and another Permalinks-related plugin. I have FTPed all my recently installed plugins out of /wp-content/plugins, will wait an hour for the ‘resource’ error to time out (correct?) and try my site again. Unless you guys know different, my understanding is we should leave my host alone so the error times out.

    Will update. Any insight appreciated.

  3. Ted Clayton says:

    Site working! Actually, I think I noticed the laborious install/activate action when installing Top Level Cats and Redirection. Following those, I also activated Dean's Permalinks, but I think I noticed nothing.

  4. Rick Beckman says:

    I wish I had known about this plugin before I spent hours coming up with an .htaccess solution! Dealing with the redirect at the server level is probably a bit faster and more secure anyway. There are certain permalink changes which can't be dealt with at the server level — such as going from plain name-based permalinks to something with more information, such as year/name-based.

  5. Ashish Mohta says:

    Do you need this plugin to be activated forever on the blog, or can you just quit using it after some months when the migration is over?

  6. Rick Beckman says:

    Ashish: You’ll likely need it for as long as websites have links to any of your old-style permalinks, unless you are okay with serving up a Content Not Found page to visitors from those older sources.

    Search engines should eventually update. If you’re able, definitely keep a watch on your server access logs; over time, requests for old-style permalinks should become fewer. When they reach a level you’re happy with, you’ll be safe disabling the plugin.

    If a few websites are consistently sending content to an older style permalink, it might be worth it to add a simple redirect in an .htaccess file, if you’re able, such as this:

    Redirect /2006/04/01/some-old-post/ /some-old-post/

    Adjust that accordingly, of course. 🙂

  7. Connie says:

    So where’s the link to the packetstorm advisory? I checked the list of January 2008 advisories and found nothing. I might have missed it — here’s the link for anyone who cares to check http://packetstormsecurity.org/0801-advisories/.

  8. I think the latest one fixed the problem… isn't it?

  9. Joost says:

    Can you please upload it again? The link doesn't work. Thanks. Or please send it to me, as I entered my e-mail.



Trackbacks/Pingbacks

  1. […] Collection, an article was posted earlier today regarding a vulnerability in version 1.0 of the Dean's Permalinks Migration Plugin. The said vulnerability involves XSRF or cross-site request forgery and allows the attacker to steal […]

  2. […] Dean’s Migration Plugin Vulnerability – According to an advisory released by Packetstorm, a fellow by the name of g30rg3_x has discovered two bugs within Dean’s Permalinks Migration Plugin version 1.0. The first bug relates to XSRF and can allow an attacker to force a user to perform an unsolicited action that when combined with an XSS bug that has also been discovered, allows the attacker to gain valid credentials. […]

  3. […] Migration Plugin Version 1.0. However, it’s got a bug apparently so the fix is here in this Weblog Tools Collection post, or download here from g30rg3 Blog or from WordPress […]

  4. […] below (e.g., going from name-based permalinks back to name and date-based permalinks), there is a WordPress plugin that can take care of you. If all you want to do is change from name and date-based permalinks to […]
