Check the codex at http://codex.wordpress.org/Enable_Sending_Referrers for information. The "sending referrers" problem is pretty common, and can happen for about a thousand different reasons. All of the common causes and solutions are in the codex link above. If you check that, then try installing a different browser (like Firefox or Opera) and see if that makes a difference. If it's still broken, then hit this thread again and let me know. Abhishek
@tech86 ... Thanks for the alert bro ... But I'd suggest providing a link to the release page or fix whitepaper of the exploit rather than the exploit itself, coz there are many craptards roaming around here! Abhishek
Ok, you know what.. **** you. Honestly, you need to learn to accept a favour and not bitch about it. You might not know much about the security world but what you need to realize is that the security world is not "synchronized". Just cause someone posted a dangerous exploit online, doesn't mean that there is a nice innocent upgrade on the official website. This also doesn't mean that there is a nice innocent advisory posted somewhere with exploit. At the time when I saw this vulnerability, this was the only form of documentation available online in regards to this vulnerability. As I read about this I remembered that a LOT of webmasters on these forums use Wordpress and so I decided to post it here with a simple temporary fix. That to me seemed like a good idea so that the other people on here do not end up with their entire websites deleted. So you know what, this was for the webmasters that needed this information and found it useful. If you didn't, there is a [x] button to the right hand top site of the corner. USE it and don't make a worthless post discouraging people from helping out.
One more thing, if you bothered to read the simple English explanation on there, you will read that it's possible to inject a php shell / backdoor into the wordpress install. This means that a weak mysql password is not required. However that is a secondary form of attack.
In this case, as far as I am aware, at the time I made the post the whitepaper was not available, and by the time it is, a lot of the webmasters here could be victims.
Do the Wordpress guys know about this? I went to their site after seeing this and didn't find any discussions about it...
I believe they do and they will probably release a fix as soon as they can. Abhishek, your blog was actually the first one that popped in my head and then I was like, hmm a lot of dP users use wordpress.
There's no need to make any drama out of my post, that wasn't my intent. I said thanks for the heads up, you did a great thing for making the public aware of the exploit, my only gripe was that you posted the actual code to execute this rather than just a heads up.
I apologize, I get riled up when I get crap for trying to do a nice thing. Also one more time, I would've posted a harmless advisory if there was one out there at the time.
Maybe it's the time they fixed this issue, check http://forums.digitalpoint.com/showthread.php?t=90949 ! Cheers, Dreamchaser
You think the script kiddies don't already have access to this exploit? By publishing the exploit you're giving knowledgeable people a way to easily see what is being done and how best to fix the issue. By keeping it secret, you're only giving the crackers an opportunity to create further exploits.
Yea, more info @ http://forums.digitalpoint.com/showpost.php?p=956218&postcount=5 ! Cheers, Dreamchaser