Monday, July 04, 2005

Blog Worms


Picture credit: http://securityawareness.blogspot.com
The incredible popularity of the PHP web application language has an obvious downside: if a significant vulnerability is discovered, it will take a while to patch all of the relevant systems. Netcraft reported today that just such a weakness has been discovered: the XML-RPC libraries (conventional and PEAR) allow remote execution of PHP code through a failure to escape quotes. Popular applications such as PostNuke, WordPress and Drupal are vulnerable.

Such an exploit combined with Santy-style installation techniques (i.e., it uses Google to search for potential victims) could wreak havoc on thousands of servers.

Netcraft: PHP Blogging Apps Vulnerable to XML-RPC Exploits
