Blog Worms
Picture credit: http://securityawareness.blogspot.com
The incredible popularity of the PHP web application language has an obvious downside: if a significant vulnerability is discovered, it will take a while to patch all of the relevant systems. Netcraft reported today that just such a weakness has been discovered: the XML-RPC libraries (conventional and PEAR) allow remote execution of PHP code because they fail to escape quotes. Popular applications such as PostNuke, WordPress and Drupal are vulnerable.
Such an exploit, combined with Santy-style installation techniques (i.e., using Google to search for potential victims), could wreak havoc on thousands of servers.
Netcraft: PHP Blogging Apps Vulnerable to XML-RPC Exploits