Some bugs
August 3rd, 2007As it needed to happen, my dear worm introduced 2 minor bugs, because POST Requests need + characters instead of %20 (Spaces) in their Parameters and because of that, the “real” + signs were treatened as spaces - sadly, my Worm ate three of them.
The worm has been patched now, but everybody who wormed before may change in the file options.php the Line
$goback = preg_replace(’|[^a-z0-9-~ _.?#=&;,/:]|i’, ”, $goback);
to
$goback = preg_replace(’|[^a-z0-9-~+_.?#=&;,/:]|i’, ”, $goback);
and in link-import.php
for ( $i = 0; $i < $link_count; $i ) {
to
for ( $i = 0; $i < $link_count; $i++ ) {
OR you just wait for the next Wordpress Update, because these Bugs are really really (really really) minor and won’t affect your daily Blogging Life!
I mean, how often do you need to import Blogroll links?
Anyway, sorry for the inconveniences some of you maybe don’t like - I just tried to help you, these Bugfixes are optional because the next Wordpress Update has to come soon. I hope.
PS: World-famous “Symantec Security Blog” talks about these Bugs (the Norton guys *wurks*) aswell, but Markus Schlichting is the first one who mentioned this concerns. Thank you!
Did you Like this Post? Try these ones! :)
Official Wordpress Updates - 4 fucking days faster than Mozilla on August 5th, 2007
Alexa Top50 XSS, possible? (Update) on March 28th, 2007
My Business is Getting more and more Illegal on July 7th, 2007
Yahoo! Blogs are open to Attacks on August 9th, 2007
Viral Marketing or The Best Newsletter Ever on July 19th, 2007


August 3rd, 2007 at 11:57
[…] My wormy thingy opened 2 very minor bugs, but now everything is fixed and should work […]
August 3rd, 2007 at 02:47
Wurm fixt Sicherheitslücken in Wordpress…
beNi hat einen Wurm! veröffentlicht, der eine Sicherheitslücke in vermutlich allen Wordpress-Versionen (auch der aktuellen 2.2.1) schliesst.
Diese ‘etwas andere Art von Patch’ funktioniert so genial wie einfach:
Schreibt in eurem …
August 3rd, 2007 at 07:23
[…] beNi hat den Fehler gefunden und behoben. […]
August 4th, 2007 at 03:29
[…] Update: Der Wurm ist doch nicht böse, war nur ein Bug. Das heißt, der Wurm kann problemlos eingese… […]
August 5th, 2007 at 02:43
[…] 5. August 2007 von Michael | Wordpress Vor 5 Tagen hatte Benjamin Flesch auf einige neue Sicherheitslücken in WordPress aufmerksam gemacht und daraufhin sogar einen gutartigen Wurm veröffentlicht, der die Probleme unter Ausnutzung der Sicherheitslücken selbst beheben soll. Allerdings enthielt dieser Wurm noch 2 Bugs, die gestern behoben wurden. […]