Brad Fitzpatrick (brad) wrote,
Brad Fitzpatrick
brad

PHP c0ders s0 gr3at

First read this.

Second, laugh.

Seriously:
...
The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.
....
The XML-RPC flaw was discovered by James Bercegay of GulfTech Security Research. Bercegay found that the libraries are "vulnerable to a very high risk remote php code execution vulnerability that may allow for an attacker to compromise a vulnerable webserver ... By creating an XML file that uses single quotes to escape into the eval() call an attacker can easily execute php code on the target server."
Hahahaha. I love the PHP community, that nobody found this in all this time. Does nobody audit the libaries they use?
Tags: funny, hate, tech
Subscribe

  • Ukraine

    Nobody reads my LiveJournal anymore, but thank you to everybody in Russia protesting Putin's insane war against Ukraine. (I know it's risky…

  • Happy Birthday!

    Happy 20th Birthday, LiveJournal! 🐐🎂🎉

  • hi

    Posting from the iPhone app. Maybe I'm unblocked now.

  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 17 comments

  • Ukraine

    Nobody reads my LiveJournal anymore, but thank you to everybody in Russia protesting Putin's insane war against Ukraine. (I know it's risky…

  • Happy Birthday!

    Happy 20th Birthday, LiveJournal! 🐐🎂🎉

  • hi

    Posting from the iPhone app. Maybe I'm unblocked now.