Slashdot Mirror


PHP Blogging Apps Open to XML-RPC Exploits

miller60 writes "A bunch of popular PHP-based blogging and content management apps are vulnerable to a security hole in the PHP libraries handling XML-RPC, which could allow a server compromise. Affected apps include Wordpress, Drupal, PostNuke, Serendipity, phpAdsNew, phpWiki and many more. The presence of the security hole in a large number of programs is among the factors leading the Internet Storm Center to warn that the environment is ripe for a major Internet security event."

4 of 166 comments (clear)

  1. How is this a problem? by Anonymous Coward · · Score: 5, Funny

    A blog server compromise cannot possibly lead to worse content.

  2. Choice of words by Valacosa · · Score: 5, Funny

    "...major Internet security event."

    A euphemism if I've ever heard one. Can I think of a better euphemism?

    "Wardrobe malfunction"

    Ah, there it is.

    --
    "Live as if you'll die tomorrow." Ridiculous. You could die later today.
  3. I hear sirens. Wooo. Woooo. Woo wooo. by dotslashdot · · Score: 5, Funny

    The Internet Storm Center Reports that a high pressure coding flaw in PHP has created an error mass large enough to cause a rotation in sysadmin heads and has issued a red hat/flag Internet surf warning for all surfing sites.

  4. Re:Don't want to bash PHP.... by Mr2001 · · Score: 5, Funny

    BTW, suphp is my favorite way to check the overall status of an HP-UX system.

    # suphp
    Not much, runnin' some processes. 'Sup with you?

    --
    Visual IRC: Fast. Powerful. Free.