A new WordPress version, 2.6.2, was released yesterday to mitigate a newly described attack called SQL Column Truncation. If you allow users to register on your site, you need to upgrade to 2.6.2.
You might have heard of SQL injection, which is widely used by hackers. SQL Column Truncation, however, is not widely used. A malicious user can create a new account under a known user id, such as admin, and gain access to your site by resetting that account's password.
To learn more about SQL Column Truncation, read Stefan Esser's post "SQL Column Truncation". He gives a detailed example of how a user id could be cloned if you allow others to register on your site.
Therefore it is a good idea in general to rename the admin account to a user id that is not known to others but has the same privileges as admin.
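As an added example (my own code, not from the post, Stefan Esser's write-up or WordPress itself), here is a registration check that models the MySQL behaviour behind this bug and rejects any user name that would be truncated or would collapse onto an existing account. The column width of 60 (what WordPress uses for user_login) and the list of existing users are assumptions.

```python
from typing import Iterable, Optional

# Assumed width of the user-name column (WordPress stores user_login in a
# VARCHAR(60)); check this constant against your own schema.
USER_LOGIN_WIDTH = 60


def stored_form(name: str, width: int = USER_LOGIN_WIDTH) -> str:
    """Model what a MySQL server running without strict mode stores and
    compares: the value is cut to the column width, trailing spaces are
    ignored by PAD SPACE collations, and the default collations are
    case-insensitive. Two inputs with the same stored form are one account
    as far as a later password reset is concerned."""
    return name[:width].rstrip(" ").lower()


def registration_problem(name: str, existing: Iterable[str],
                         width: int = USER_LOGIN_WIDTH) -> Optional[str]:
    """Return the reason a registration must be rejected, or None if it is
    safe. The checks run in the application before the INSERT, so they hold
    even if the database itself would silently truncate the value. Turning
    on strict mode (sql_mode=STRICT_ALL_TABLES) makes an over-long value a
    hard error as well, which is the server-side half of the fix."""
    if len(name) > width:
        return "too long: a non-strict server would silently truncate it"
    if name != name.strip():
        return "leading or trailing whitespace the database would ignore"
    taken = {stored_form(e, width) for e in existing}
    if stored_form(name, width) in taken:
        return "collides with an existing account name"
    return None


# Constructed sample data: an existing admin account plus a few attempts,
# one of which is an over-long name that a non-strict server would cut down
# to exactly "admin".
EXISTING_USERS = ["admin", "bob"]
ATTEMPTS = ["alice", "Admin", "admin   ", "admin" + " " * 55 + "x"]

if __name__ == "__main__":
    for attempt in ATTEMPTS:
        print(repr(attempt[:12]), "->", registration_problem(attempt, EXISTING_USERS))
```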
Regards.
4 Responses
James
September 18th, 2008 at 9:36 am
Hi, I found your blog on this new directory of WordPress Blogs at blackhatbootcamp.com/listofwordpressblogs. I don't know how your blog came up, must have been a typo, I dunno. Anyways, I just clicked it and here I am. Your blog looks good. Have a nice day. James.
SE
September 19th, 2008 at 12:43 pm
Thanks, James, for your note.
I don't know either how my blog got there.
mrmuggles
September 19th, 2008 at 6:40 pm
Hi! I already knew that there was an update for WordPress, but I'm still on the old one (I don't allow registration). But I just wanted to say thanks for the SQL truncation link, it's really a great thing to know and something more to enforce the fact that you need to validate user input!
SE
September 22nd, 2008 at 12:15 pm
mrmuggles,
Thanks for writing. Yes, after suffering from vulnerabilities in WordPress, I always take care and try to find security-related issues that can further help any WordPress site builder.
Regards.
My name is Sherif Elsisi and on this blog I share my knowledge, discovery and experience with hosting issues, Webmaster tools, security and usability.