Hacking: Attacks Target XML-RPC Flaws in PHP Blogging Apps


Hackers are launching attacks on popular PHP-based blogging, wiki and content management program that failed to patch a serious security hole discovered in July. The attacks exploit flaws in the way PHP libraries handle XML-RPC commands, and appear to be targeting installations of WordPress and Drupal.

If left unpatched, an attacker could compromise a web server through vulnerable programs including WordPress, Drupal, PostNuke, Serendipity, phpAdsNew and phpWiki, among others. These projects all issued fixes six months ago, as did the authors of the affected PHP libraries. Netcraft: Attacks Target XML-RPC Flaws in PHP Blogging Apps

Linked by shanmuga Monday, 7th November 2005 2:32AM