Serendipity 1.1.3 and 1.2-beta2 released due to SQL exploit
Serendipity 1.1.3 and 1.2-beta2 have been released because of an SQL injection vulnerability reported by Dr. Neal Krawetz today. The 'commentMode' GET variable could be abused to inject SQL code into the query built by the function that fetches comment information. This variable was introduced in Serendipity 1.1; all prior versions are not affected.
Please update your blogs as soon as possible. If you are using a database backend that supports SQL UNION queries, the injection could probably lead to disclosure of the stored MD5 password hashes. Because of this, we also suggest changing your blog user account passwords.
It is also a good idea to check your server's access logs for the 'commentMode' variable to see whether malicious requests have already been issued against your blog.
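The log check suggested above, as an added example that is not part of Serendipity or the original post: a small Python scanner that parses combined-format access-log lines, pulls out every request carrying the 'commentMode' parameter, and reports any value that is not one of the plain mode keywords. The legitimate values 'linear' and 'threaded' (taken from the comment-display switch) are an assumption, as are the log format and the constructed sample lines.

```python
"""Scan a web-server access log for 'commentMode' requests whose value does
not look like a plain display-mode keyword.

Added example, not Serendipity project code. Assumptions: Apache/nginx
combined log format; 'linear' and 'threaded' are the only legitimate values.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumed set of legitimate values; any other value is reported.
EXPECTED_MODES = {"", "linear", "threaded"}

# Client IP, timestamp and request target of a combined-format entry.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Constructed sample traffic (not real log data). Paths are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2007:12:00:01 +0100] "GET /index.php?/archives/12-entry.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2007:12:00:05 +0100] "GET /comment.php?entry_id=12&commentMode=threaded HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2007:12:01:17 +0100] "GET /comment.php?entry_id=12&commentMode=threaded%27%20union HTTP/1.1" 200 2048 "-" "curl/7.15"
"""


def scan_line(line):
    """Return (ip, timestamp, decoded value) when the request carries a
    commentMode value outside EXPECTED_MODES, otherwise None."""
    m = LOG_LINE.match(line)
    if not m:
        return None  # not a combined-format entry; skip it
    query = urlsplit(m.group("target")).query
    # parse_qs percent-decodes the value, so the check sees what PHP saw.
    params = parse_qs(query, keep_blank_values=True)
    for raw in params.get("commentMode", []):
        if raw.lower() not in EXPECTED_MODES:
            return (m.group("ip"), m.group("ts"), raw)
    return None


def scan_log(text):
    """Return the list of suspicious hits found in a whole log text."""
    return [hit for hit in (scan_line(l) for l in text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, ts, value in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} commentMode={value!r}")
```

Run it against a real log with `scan_log(open("/var/log/apache2/access.log").read())`; every hit is a request whose commentMode value reached the unescaped query on an unpatched 1.1 install and deserves a closer look at what that client did next.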
For those who do not want to upgrade to a whole new version, you can also simply patch the file include/functions_comments.inc.php and replace the single occurrence of:
$type = $serendipity['GET']['commentMode'];
with:
$type = serendipity_db_escape_string($serendipity['GET']['commentMode']);
We are very sorry for this, but happy to provide a quick fix in such a short time. You can download the latest files as usual from www.s9y.org. Read the FAQ on how to perform an easy update.
Comments
Really?:
Hey disgruntled user: his last log entry was from a few hours ago, just before your posting here. Are you the guy at 24.154.233.208 who failed to own his blog?
Niels:
That was very fast.
I love this software ;)
Paws:
I did mod the code. Seemed to be the fastest way. No need to upload the full package again when it's only 1 line of code that has changed.
Thanks again!
Paws ^^
Kangaxx:
Great Software. :-)