
Very serious vulnerability discovered in XML-RPC


Snowolf

Recommended posts

A very serious vulnerability in XML-RPC was discovered a few days ago. XML-RPC is fundamental to practically any PHP site.

All (or nearly all) forums, CMSs, blogs etc. that are not fully up to date are vulnerable, in particular phpBB >= 2.0.15, Xoops, Drupal, WordPress etc.

There are exploits galore; I tried a couple myself and I can guarantee that the vulnerability is serious, very serious.

In a couple of seconds I got the MD5 hash of the password; I would then have had to crack it, but I had only given rainbowcrack 7 characters when I generated the rainbow tables, and my passwords are longer. In any case, update absolutely everything.

Snowolf

snowolf (at) snowolf (dot) eu

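The bug the post refers to is the 2005 eval-injection flaw in XML-RPC for PHP and PEAR XML_RPC (CVE-2005-1921): the affected releases assembled PHP source from the text of the parsed request and ran it through eval(), so element text containing quote and parenthesis characters could break out of the generated string literal. What follows is an added example, not code from the thread or from either library: a small Python heuristic that inspects an XML-RPC POST body and flags the breakout characters and PHP function names such a request needs. The two request bodies are constructed for illustration; the regexes, the set of watched elements and the function names are my assumptions, not anything the libraries define.

```python
"""Heuristic detector for eval-injection attempts against the 2005
XML-RPC for PHP / PEAR XML_RPC bug (CVE-2005-1921).

Added example, not code from the forum thread or from either library.
All sample requests below are constructed for illustration."""
import re
import xml.etree.ElementTree as ET

# Characters needed to break out of the PHP string literal the vulnerable
# parser built from element text before handing it to eval().
BREAKOUT = re.compile(r"['\"();]")

# PHP function names / open tag an injected payload typically carries.
# Assumption: this short list is enough for a first-pass alert.
PHP_HINT = re.compile(
    r"\b(?:eval|system|passthru|exec|shell_exec|phpinfo|include|require)\b|<\?php",
    re.I,
)

# Elements whose text is user-controlled string data; <name> (struct member
# name) is the documented injection point, the others are checked as a guard.
PHP_CHECKED = {"name", "string", "value"}


def analyse_request(body: str) -> dict:
    """Return {'suspicious': bool, 'findings': [str]} for one XML-RPC POST body."""
    findings = []
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        # Malformed XML from fuzzed payloads is itself worth logging.
        return {"suspicious": True, "findings": [f"unparseable XML: {exc}"]}

    for el in root.iter():
        text = (el.text or "").strip()
        if not text:
            continue
        # Legitimate method names and member names are plain identifiers;
        # quotes, parentheses or semicolons in them only make sense as PHP.
        if el.tag in ("methodName", "name") and BREAKOUT.search(text):
            findings.append(f"<{el.tag}> contains PHP breakout characters: {text[:60]!r}")
        if el.tag in PHP_CHECKED and PHP_HINT.search(text):
            findings.append(f"<{el.tag}> contains PHP function/tag: {text[:60]!r}")
    return {"suspicious": bool(findings), "findings": findings}


# Constructed benign request: a normal blogger-API style call.
BENIGN = (
    "<methodCall>"
    "<methodName>blogger.getUsersBlogs</methodName>"
    "<params>"
    "<param><value><string>appkey</string></value></param>"
    "<param><value><struct>"
    "<member><name>username</name><value><string>alice</string></value></member>"
    "</struct></value></param>"
    "</params>"
    "</methodCall>"
)

# Constructed request showing the injection shape: PHP code placed in a
# struct member <name>, closing the generated string and call, then running
# phpinfo() and commenting out the rest with /*.
MALICIOUS = (
    "<methodCall>"
    "<methodName>test.method</methodName>"
    "<params><param><value><struct><member>"
    "<name>','')); phpinfo(); exit;/*</name>"
    "<value><string>x</string></value>"
    "</member></struct></value></param></params>"
    "</methodCall>"
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("malicious", MALICIOUS)):
        result = analyse_request(body)
        print(label, "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for f in result["findings"]:
            print("   ", f)
```

This is a triage aid for a proxy or log replay, not a fix: the only real remedy is upgrading the library, as the post says. Member names with a legitimate apostrophe would trigger the breakout rule, but struct member names in XML-RPC are normally identifier-like, so that false positive is rare and cheap to review.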

Full list of affected software:

Xoops Xoops 2.0.12

Xoops Xoops 2.0.11

Xoops Xoops 2.0.10

Xoops Xoops 2.0.9 .3

Xoops Xoops 2.0.9 .2

Xoops Xoops 2.0.5 .2

Xoops Xoops 2.0.5 .1

Xoops Xoops 2.0.5

Xoops Xoops 2.0.3

Xoops Xoops 2.0.2

Xoops Xoops 2.0.1

Xoops Xoops 2.0

XML-RPC for PHP XML-RPC for PHP 1.1

XML-RPC for PHP XML-RPC for PHP 1.0.99 .2

XML-RPC for PHP XML-RPC for PHP 1.0.99

XML-RPC for PHP XML-RPC for PHP 1.0 2

XML-RPC for PHP XML-RPC for PHP 1.0 1

XML-RPC for PHP XML-RPC for PHP 1.0

WordPress WordPress 1.5.1 .2

WordPress WordPress 1.5.1

WordPress WordPress 1.5

WordPress WordPress 1.2.2

WordPress WordPress 1.2.1

+ Gentoo Linux

WordPress WordPress 1.2

+ Gentoo Linux

+ Gentoo Linux 1.4

WordPress WordPress 0.71

WordPress WordPress 0.7

Ubuntu Ubuntu Linux 5.0 4 powerpc

Ubuntu Ubuntu Linux 5.0 4 i386

Ubuntu Ubuntu Linux 5.0 4 amd64

Ubuntu Ubuntu Linux 4.1 ppc

Ubuntu Ubuntu Linux 4.1 ia64

Ubuntu Ubuntu Linux 4.1 ia32

Trustix Secure Linux 2.2

Trustix Secure Linux 2.1

Trustix Secure Enterprise Linux 2.0

TikiWiki Project TikiWiki 1.8.4

+ Gentoo Linux

TikiWiki Project TikiWiki 1.8.3

TikiWiki Project TikiWiki 1.8.2

TikiWiki Project TikiWiki 1.8.1

TikiWiki Project TikiWiki 1.8

TikiWiki Project TikiWiki 1.7.9

TikiWiki Project TikiWiki 1.7.8

TikiWiki Project TikiWiki 1.7.7

TikiWiki Project TikiWiki 1.7.6

TikiWiki Project TikiWiki 1.7.5

TikiWiki Project TikiWiki 1.7.4

TikiWiki Project TikiWiki 1.7.3

TikiWiki Project TikiWiki 1.7.2

TikiWiki Project TikiWiki 1.7.1 .1

TikiWiki Project TikiWiki 1.6.1

S9Y Serendipity 0.8.1

S9Y Serendipity 0.8 -beta6 Snapshot

S9Y Serendipity 0.8 -beta6

S9Y Serendipity 0.8 -beta5

S9Y Serendipity 0.8

S.u.S.E. Open-Enterprise-Server 9.0

S.u.S.E. Linux Professional 9.3 x86_64

S.u.S.E. Linux Professional 9.3

S.u.S.E. Linux Professional 9.2 x86_64

S.u.S.E. Linux Professional 9.2

S.u.S.E. Linux Professional 9.1 x86_64

S.u.S.E. Linux Professional 9.1

S.u.S.E. Linux Professional 9.0 x86_64

S.u.S.E. Linux Professional 9.0

S.u.S.E. Linux Professional 8.2

S.u.S.E. Linux Personal 9.3 x86_64

S.u.S.E. Linux Personal 9.3

S.u.S.E. Linux Personal 9.2 x86_64

S.u.S.E. Linux Personal 9.2

S.u.S.E. Linux Personal 9.1 x86_64

S.u.S.E. Linux Personal 9.1

S.u.S.E. Linux Personal 9.0 x86_64

S.u.S.E. Linux Personal 9.0

S.u.S.E. Linux Personal 8.2

S.u.S.E. Linux Enterprise Server 9

RedHat Fedora Core4

RedHat Fedora Core3

RedHat Enterprise Linux WS 4

RedHat Enterprise Linux WS 3

RedHat Enterprise Linux ES 4

RedHat Enterprise Linux ES 3

RedHat Enterprise Linux AS 4

RedHat Enterprise Linux AS 3

RedHat Desktop 4.0

RedHat Desktop 3.0

PostNuke Development Team PostNuke 0.76 RC4b

PostNuke Development Team PostNuke 0.76 RC4a

PostNuke Development Team PostNuke 0.76 RC4

PostNuke Development Team PostNuke 0.75

phpWebsite phpWebsite 0.10.1

phpWebsite phpWebsite 0.10

phpWebsite phpWebsite 0.9.3 -4

phpWebsite phpWebsite 0.9.3 -3

phpWebsite phpWebsite 0.9.3 -2

phpWebsite phpWebsite 0.9.3 -1

phpWebsite phpWebsite 0.9.3

phpPgAds phpPgAds 2.0.5 RC2

phpPgAds phpPgAds 2.0

phpMyFAQ phpMyFAQ 1.5 RC4

phpMyFAQ phpMyFAQ 1.5 RC3

phpMyFAQ phpMyFAQ 1.5 RC2

phpMyFAQ phpMyFAQ 1.5 RC1

phpMyFAQ phpMyFAQ 1.5 beta3

phpMyFAQ phpMyFAQ 1.5 beta2

phpMyFAQ phpMyFAQ 1.5 beta1

phpMyFAQ phpMyFAQ 1.5 alpha2

phpMyFAQ phpMyFAQ 1.5 alpha1

phpMyFAQ phpMyFAQ 1.4.8

phpMyFAQ phpMyFAQ 1.4.7

phpMyFAQ phpMyFAQ 1.4.6

phpMyFAQ phpMyFAQ 1.4.5

phpMyFAQ phpMyFAQ 1.4.4

phpMyFAQ phpMyFAQ 1.4.3

phpMyFAQ phpMyFAQ 1.4.2

phpMyFAQ phpMyFAQ 1.4.1

phpMyFAQ phpMyFAQ 1.4 a

phpMyFAQ phpMyFAQ 1.4 -alpha 2

phpMyFAQ phpMyFAQ 1.4 -alpha 1

phpMyFAQ phpMyFAQ 1.4

PHPGroupWare PHPGroupWare 0.9.16 RC3

PHPGroupWare PHPGroupWare 0.9.16 RC2

PHPGroupWare PHPGroupWare 0.9.16 RC1

PHPGroupWare PHPGroupWare 0.9.16 .005

PHPGroupWare PHPGroupWare 0.9.16 .003

+ Gentoo Linux

PHPGroupWare PHPGroupWare 0.9.16 .002

PHPGroupWare PHPGroupWare 0.9.16 .000

PHPGroupWare PHPGroupWare 0.9.14 .007

PHPGroupWare PHPGroupWare 0.9.14 .006

PHPGroupWare PHPGroupWare 0.9.14 .005

PHPGroupWare PHPGroupWare 0.9.14 .004

PHPGroupWare PHPGroupWare 0.9.14 .003

PHPGroupWare PHPGroupWare 0.9.14 .002

PHPGroupWare PHPGroupWare 0.9.14 .001

PHPGroupWare PHPGroupWare 0.9.14

PHPGroupWare PHPGroupWare 0.9.13

- Debian Linux 2.2

PHPGroupWare PHPGroupWare 0.9.12

- Conectiva Linux 7.0

- Conectiva Linux 8.0

- Conectiva Linux 9.0

- MySQL AB MySQL 3.23.31

- MySQL AB MySQL 3.23.34

- MySQL AB MySQL 3.23.36

- PostgreSQL PostgreSQL 6.3.2

- PostgreSQL PostgreSQL 6.5.3

phpAdsNew phpAdsNew 2.0.4 -pr2

phpAdsNew phpAdsNew 2.0.4 -pr1

phpAdsNew phpAdsNew 2.0 beta 6

phpAdsNew phpAdsNew 2.0 beta 5

phpAdsNew phpAdsNew 2 dev 30092001

phpAdsNew phpAdsNew 2 dev 09102001

PHP-Wiki PHP-Wiki 1.3.11 _rc3

PHP-Wiki PHP-Wiki 1.3.11 _rc2

PHP-Wiki PHP-Wiki 1.3.10

PHP-Wiki PHP-Wiki 1.3.9

PHP-Wiki PHP-Wiki 1.3.3

PHP-Wiki PHP-Wiki 1.3.2

PHP-Wiki PHP-Wiki 1.3.1

PHP-Wiki PHP-Wiki 1.2.2

PHP-Wiki PHP-Wiki 1.2.1

PHP-Wiki PHP-Wiki 1.2

PEAR XML_RPC 1.3 RC3

PEAR XML_RPC 1.3 RC2

PEAR XML_RPC 1.3 RC1

PEAR XML_RPC 1.3

Nucleus CMS Nucleus CMS 3.2

Nucleus CMS Nucleus CMS 3.1

Nucleus CMS Nucleus CMS 3.0 RC

Nucleus CMS Nucleus CMS 3.0 1

Nucleus CMS Nucleus CMS 3.0

MandrakeSoft Linux Mandrake 10.2 x86_64

MandrakeSoft Linux Mandrake 10.2

MandrakeSoft Linux Mandrake 10.1 x86_64

MandrakeSoft Linux Mandrake 10.1

MandrakeSoft Linux Mandrake 10.0 amd64

MandrakeSoft Linux Mandrake 10.0

MandrakeSoft Corporate Server 3.0 x86_64

MandrakeSoft Corporate Server 3.0

MailWatch for MailScanner MailWatch for MailScanner 1.0

MailWatch for MailScanner MailWatch for MailScanner 0.5.1

MailWatch for MailScanner MailWatch for MailScanner 0.5

MailWatch for MailScanner MailWatch for MailScanner 0.4

eGroupWare eGroupWare 1.0.6

eGroupWare eGroupWare 1.0.3

eGroupWare eGroupWare 1.0.1

eGroupWare eGroupWare 1.0 .0.007

Drupal Drupal 4.6.1

Drupal Drupal 4.6

Drupal Drupal 4.5.3

Drupal Drupal 4.5.2

Drupal Drupal 4.5.1

Drupal Drupal 4.5

CivicSpace Labs CivicSpace 0.8.1

CivicSpace Labs CivicSpace 0.8 .0.5

CivicSpace Labs CivicSpace 0.8 .0.4

CivicSpace Labs CivicSpace 0.8 .0.3

CivicSpace Labs CivicSpace 0.8 .0.2

CivicSpace Labs CivicSpace 0.7.2

BLOG:CMS BLOG:CMS 3.6.4

BLOG:CMS BLOG:CMS 3.6.2

Ampache Ampache 3.3.1

Ampache Ampache 3.3

Ampache Ampache 3.2.4

Ampache Ampache 3.2.3

Ampache Ampache 3.2.2

Ampache Ampache 3.2.1

Ampache Ampache 3.2

Snowolf

snowolf (at) snowolf (dot) eu


Archived

This thread is archived and closed to further replies.
