Forum Post: SQL Injection

Podz
"My personal blog powered by WordPress 2.0.1 (latest version) hacked
today! (SQL injection probably) As I was watching the tab of the browser
loading my blog, a frame appeared in the sidebar and mutilated the blog design.
This frame was added to the last category. It was being loaded from this address:
http:// www. pragma.ru/ ~dch/ inc/

It was added to a lot of fields, such as the blog description in the options section
and the Category name too. I have been looking at it for the last four hours
and still can't understand what it is about. How do I resolve this bug? All
plugins are secure!"

It is not theme files (see thread).

Advice would be good.

P.
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers

Re: Forum Post: SQL Injection

Podz
Podz wrote:
> "My personal blog powered by WordPress 2.0.1 (latest version) hacked
> today! (SQL injection probably) .......

That'll be this thread then :)
http://wordpress.org/support/topic/62162?replies=7#post-331298

Re: Forum Post: SQL Injection

Dougal Campbell
Podz wrote:
> Podz wrote:
>> "My personal blog powered by WordPress 2.0.1 (latest version) hacked
>> today! (SQL injection probably) .......
>
> That'll be this thread then :)
> http://wordpress.org/support/topic/62162?replies=7#post-331298

See my comment:

   http://wordpress.org/support/topic/62162?replies=11#post-331334

I believe that the SQL injection occurred via the Click Counter plugin
on this user's site. I've left a comment about it on Ozh's site, as well.

--
Dougal Campbell <[hidden email]>
http://dougal.gunters.org/


fwiw: informing a user that an updated plugin is available

Per Søderlind
One of the main problems a plugin author has, when he/she updates a plugin,
is to tell the user that a new version is available.

Here's how I do it using Prototype:
http://soderlind.no/download/plugin_updated_demo.zip

You'll find a full implementation in the latest version of my ImageManager
plugin:
http://soderlind.no/archives/2006/01/03/imagemanager-20/


Kind regards,
Per

Prototype:
http://prototype.conio.net/
Prototype quick ref:
http://www.snook.ca/archives/000531.php
Prototype doc:
http://www.sitepoint.com/print/painless-javascript-prototype 
http://www.sergiopereira.com/articles/prototype.js.html 



Re: fwiw: informing a user that an updated plugin is available

Glenn-13
That's great Per, I've been trying to come up with a solution to that
same problem.

I've been toying with using the svn server on wp-plugins.org and
flagging an update when a new tag is created, have it sit
as a plugin itself and have it check once a day for updates.  I was
trying to come up with something that would be able to be used by any
plugin author, and wouldn't take much time up.  My idea was to have a
plugin that people could install that would work as a plugin update
manager, so all the checking update code could be contained within that
and not have to be done for each plugin.  The other alternative I
thought was to have a standard function/method that could be stuck into
a plugin if the author wanted to use the update facility.

Of course for this to work it would require the use of a standard
repository to be used like wp-plugins.org.

Glenn


Per Soderlind wrote:

> One of the main problems a plugin author has, when he/she updates a plugin,
> is to tell the user that a new version is available.
>
> Here's how I do it using Prototype:
> http://soderlind.no/download/plugin_updated_demo.zip
>
> You'll find a full implementation in the latest version of my ImageManager
> plugin:
> http://soderlind.no/archives/2006/01/03/imagemanager-20/
>
>
> Kind regards,
> Per
>
> Prototype:
> http://prototype.conio.net/
> Prototype quick ref:
> http://www.snook.ca/archives/000531.php
> Prototype doc:
> http://www.sitepoint.com/print/painless-javascript-prototype 
> http://www.sergiopereira.com/articles/prototype.js.html 

Re: fwiw: informing a user that an updated plugin is available

Owen Winkler
Glenn wrote:
> That's great Per, I've been trying to come up with a solution to that
> same problem.

Matt Read has been working on an impressive Installer plugin that
everyone should check out.  You can find it here:

http://mattread.com/projects/wp-plugins/installer-the-plugin/

It can install and uninstall both plugins and themes directly from their
zip files, via URL or an uploaded file.  There are still a few glitches,
but I'm hoping that more people can pester Matt to get them worked out.

Assuming you don't want to bother with creating the XMLRPC service that
the Installer requires to obtain update information, I've created this
Plugin Version Service at RedAlt:

http://redalt.com/wiki/Plugin+Version+Service

There are more details there, but basically, you create an account and
register whatever plugins you like.  You can then use http://redalt.com/ 
in your plugin header as the Update Server, as needed by Matt's plugin,
and RedAlt will return the required XMLRPC results.

I have implemented this versioning method in the latest iteration of my
Countdown plugin:

http://redalt.com/wiki/Countdown

Not sure what else to say...  Oh!  The Ajax editing stuff in the
function reference that I was talking about at the IRC meetup is
accessible if you create a PVS account and log in there.  The function
reference stuff is here, in case you weren't at the meetup:

http://redalt.com/fn/

Be gentle.

Ok, going to pass out now.

Owen