Hacker, Researcher and Author.

Wordpress Fixes a major security issue by releasing 3.0.2

Wordpress has just released it's newest version 3.0.2 fixing a critical security flaw in wordpress 3.0.1, The new version fixes a Security issue which allowed the author level users to gain further access to the website, Wordpress has not mentioned yet that what type of vulnerability was found, All we know that the blogs with Multiple author are vulnerable to this type of attack, So make sure that you update it as soon as possible



Here is the official statement by wordpress:
WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:
Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!
Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

5 comments:

  1. hi bro!!...hope ur well being there!!...i know that ur having a vry hectic schedule...so i m in intention to disturb with the threads and posts:).......just i need to clarify few of the technical doubts,related to "tab-nabbing"....whose technique i had got revealed from the SOURCES(frm azarask) quoted by U :)...so bro if u dont mind could i pls ask u few question related to this!!??

    ReplyDelete
  2. I've tried to update my blog through 1 click installation but it doesn't continue!

    ReplyDelete
  3. azarask has given all his tools in the form of a "jave/html script".......which i m finding atmost difficult to implement n understand!!..... how can i use those script to attack the victim............i mean where shall i upload those,or in which format i shall send it to the victim..........all these queries have quibbled my minds like anything!!!!

    Please help me out bro!

    Thanks!:)

    ReplyDelete
  4. @Satyam
    Satyam open big.js file and there search for "Fake page" remove that line and replace it with your Fake Page url, Next upload hem and you are done...

    ReplyDelete
  5. Bro again a sad news for us!! plz read this:

    "In a major embarrassment for the Central Bureau of Investigation, A group of self-proclaimed paki hackers named "Pakistani cyber army" hacked in Indian CBI website, cbi.nic.in, on Friday night, Dec 3. The netizens who logged on to the official home page of CBI website were redirected to a different page with a warning message. "Indian cyber army should not attack Pakistan websites," the hackers exclaimed that they are from Pakistan cyber army. The warning note also carried the information regarding controls provided by the National Informatics Center, an authority which works computer server across the country.

    The message from the hackers also spoke about the filtering controls provided by the National Informatics Centre, a body which mans computer servers across the country. In addition to the CBI website, the self-proclaimed Pakistan Cyber army claims to have hacked another 270 websites.

    CBI Technical experts just turned the site offline, which is still not accessible even after 12 hours of attack."

    Could u throw some light upon these day by day rampant terror activities!.......afterall i m just not able to understand how r they able to breach NASSCOM security!?

    ReplyDelete

© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form

Name

Email *

Message *

Powered by Blogger.