

21 December 2012


WordPress Pingback Vulnerability- New!


There is no doubt that WordPress, one of the best blogging platforms, has many vulnerabilities: some are fixed and some are yet to be discovered. This week Acunetix, a web application security company, reported vulnerabilities found in the WordPress Pingback feature. According to this report, a Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead mainly to distributed denial of service (DDoS) attacks.

What Is the WordPress Pingback Vulnerability?

Recently Bogdan Calin explained that WordPress has an XML-RPC API that can be accessed through the xmlrpc.php file. This PHP file is used for posting blog content from third-party editors such as Windows Live Writer. When WordPress processes a pingback, it tries to resolve the source URL and, if successful, makes a request to that URL and inspects the response for a link to a certain WordPress blog post. If it finds such a link, it posts a comment on that blog post announcing that somebody mentioned the post in their blog.

How to Fix It?

First of all, check whether your blog is exposed to this attack with a tool named "WordpressPingbackPortScanner". This newly released tool automates use of the pingback vulnerability. It exposes the API and lets attackers scan other hosts, multiple WordPress blogs and, with a specialized URL, reconfigure routers.
Now just disable your WordPress pingback feature and stay safe until the WordPress community fixes this bug in its next security release.
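For sites that cannot switch pingbacks off, a filter in front of xmlrpc.php can inspect the source URL before WordPress fetches it. The following is an added example, not code from this post, Acunetix or WordPress; the function names, the `ALLOWED_PORTS` policy and the sample request body are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_PORTS = {80, 443}  # assumption: pingback sources only need standard web ports

# Constructed sample request body, not captured traffic.
SAMPLE = """<?xml version="1.0"?>
<methodCall><methodName>pingback.ping</methodName><params>
<param><value><string>http://192.168.0.1:8080/</string></value></param>
<param><value><string>http://blog.example.org/?p=1</string></value></param>
</params></methodCall>"""

def pingback_source(body):
    """Return the source URI of a pingback.ping call, or None for any other method."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD and entity declarations are refused")
    root = ET.fromstring(body)
    if root.tag != "methodCall" or (root.findtext("methodName") or "").strip() != "pingback.ping":
        return None
    values = root.findall("./params/param/value")
    if len(values) != 2:
        raise ValueError("pingback.ping takes a source URI and a target URI")
    text = values[0].findtext("string")
    if text is None:
        text = values[0].text  # an untyped XML-RPC value is a string
    return (text or "").strip()

def check_source(uri):
    """Return (allowed, reason) for the URL the blog would be asked to fetch."""
    try:
        parts = urlsplit(uri)
        port = parts.port
    except ValueError:
        return False, "malformed"
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    if not parts.hostname or parts.username or parts.password:
        return False, "host"
    if port is not None and port not in ALLOWED_PORTS:
        return False, "port"
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        # A name, not an address: the fetcher must resolve it and apply the same test.
        return True, "hostname"
    return (True, "public") if ip.is_global else (False, "non-public")

def review(body):
    """Verdict for one XML-RPC request body."""
    source = pingback_source(body)
    return (True, "not a pingback") if source is None else check_source(source)
```

A source given as a hostname passes this check only provisionally, because the name can still resolve to an internal address when the request is made.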

That's it! Have a nice day!



Regards
karan chauhan

 


| KrackoWorld (KoW) © 2014. All Rights Reserved | Style By All Web Designing | | Contact |