Comments on: WordPress 2.0.3: Nonces http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/ WordPress puts food on my table. Fri, 18 Jul 2008 23:32:13 +0000 http://wordpress.org/?v=MU By: Nerdaphernalia » JavaScript Pull-Quotes 2.0 http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-89337 Nerdaphernalia » JavaScript Pull-Quotes 2.0 Mon, 09 Jun 2008 03:09:30 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-89337 [...] Improved security via nonces [...] [...] Improved security via nonces [...]

]]> By: More Thought on numbers used ounce(i.e. nounce) | wehuberconsultingllc.com http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88934 More Thought on numbers used ounce(i.e. nounce) | wehuberconsultingllc.com Mon, 28 Apr 2008 00:39:28 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88934 [...] Upgrade plugin is an unnecessary precaution, I am puzzled why it did not work.  According to Mark’s post on nounces, it sounds like in theory this "number use ounce" should still be valid if you [...] [...] Upgrade plugin is an unnecessary precaution, I am puzzled why it did not work.  According to Mark’s post on nounces, it sounds like in theory this "number use ounce" should still be valid if you [...]

]]> By: CSRF Slides « Mark on WordPress http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88735 CSRF Slides « Mark on WordPress Tue, 15 Apr 2008 03:08:44 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88735 [...] Cross-Site Request Forgeries (CSRF).  We tackled this security issue in WordPress two years ago.  I wrote an article about the issue that still holds true (plugin authors should definitely give it a read if any of [...] [...] Cross-Site Request Forgeries (CSRF).  We tackled this security issue in WordPress two years ago.  I wrote an article about the issue that still holds true (plugin authors should definitely give it a read if any of [...]

]]> By: FreeMoby » Blog Archive » Wordpress Plugin: Cookie Timeout http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88591 FreeMoby » Blog Archive » Wordpress Plugin: Cookie Timeout Sat, 22 Mar 2008 23:10:53 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88591 [...] Added nonce security. [...] [...] Added nonce security. [...]

]]> By: CSRF Attack on WordPress · Pressed Words http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88384 CSRF Attack on WordPress · Pressed Words Wed, 13 Feb 2008 16:47:22 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88384 [...] guards against CSRF attacks in general by confirming actions that don’t seem quite right (i.e. when the nonces don’t check out), but this attack hides all of the confirmation message except the approval button, which appears [...] [...] guards against CSRF attacks in general by confirming actions that don’t seem quite right (i.e. when the nonces don’t check out), but this attack hides all of the confirmation message except the approval button, which appears [...]

]]> By: WordPress Plugin Sicherheitsmöglichkeiten | bueltge.de [by:ltge.de] http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88257 WordPress Plugin Sicherheitsmöglichkeiten | bueltge.de [by:ltge.de] Thu, 31 Jan 2008 13:01:32 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88257 [...] WordPress 2.0.3: Nonces Artikel #539, 31. Januar 2008 · Code, PHP, Tipps, WordPress · 0 Kommentare Tags: Code, Entwicklung, PHP, Plugin, Sicherheit, WordPress, WP Gelesen: 6 · heute: 6 · zuletzt: 31. Jan 08, 14:00 Kommentar-Feed zum Artikel, TrackBack URL Hinzufügen zu: Technorati, del.icio.us, Mr. Wong, LinkARENA, SEOigg [...] [...] WordPress 2.0.3: Nonces Artikel #539, 31. Januar 2008 · Code, PHP, Tipps, WordPress · 0 Kommentare Tags: Code, Entwicklung, PHP, Plugin, Sicherheit, WordPress, WP Gelesen: 6 · heute: 6 · zuletzt: 31. Jan 08, 14:00 Kommentar-Feed zum Artikel, TrackBack URL Hinzufügen zu: Technorati, del.icio.us, Mr. Wong, LinkARENA, SEOigg [...]

]]> By: g30rg3 Blog » XSRF bajo Dean’s Permalinks Migration 1.0 http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88060 g30rg3 Blog » XSRF bajo Dean’s Permalinks Migration 1.0 Mon, 21 Jan 2008 08:14:29 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-88060 [...] Explicación Debido a la falta de sanitización de la variable: “dean_pm_config[’oldstructure’]” es posible inyectar código malicioso (XSS), aunque esta cuenta con unos filtros estos no están ni por un poco preparados para sanitizar de manera adecuada la información que se piensa guardar, lo cual nos lleva a la posibilidad de inyectar código malicioso (XSS) dentro de esta misma. Sin embargo para que esto funcione se requiere que el usuario inyecte el código malicioso (XSS), lo cual se puede lograr diseñando una pagina maliciosa para hacer que el usuario realice esta acción sin darse darse cuenta (XSRF) el cual es posible debido a que el plugin no hace uso de las funciones para proteger formularios incluidas en WordPress (WP-Nonces). [...] [...] Explicación Debido a la falta de sanitización de la variable: “dean_pm_config[’oldstructure’]” es posible inyectar código malicioso (XSS), aunque esta cuenta con unos filtros estos no están ni por un poco preparados para sanitizar de manera adecuada la información que se piensa guardar, lo cual nos lleva a la posibilidad de inyectar código malicioso (XSS) dentro de esta misma. Sin embargo para que esto funcione se requiere que el usuario inyecte el código malicioso (XSS), lo cual se puede lograr diseñando una pagina maliciosa para hacer que el usuario realice esta acción sin darse darse cuenta (XSRF) el cual es posible debido a que el plugin no hace uso de las funciones para proteger formularios incluidas en WordPress (WP-Nonces). [...]

]]> By: Ryan From Internet Marketing Blog http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-86595 Ryan From Internet Marketing Blog Sat, 05 Jan 2008 22:59:49 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-86595 You should write another post like this about the newest Wordpress release. Ryan You should write another post like this about the newest WordPress release.

Ryan

]]> By: Ruvoqxox http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-73310 Ruvoqxox Mon, 15 Oct 2007 16:52:09 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-73310 generic l441 xanax <a href="http://xa2.freehostia.com/1/generic-l441-xanax.php " rel="nofollow"> generic l441 xanax</a> generic l441 xanax
generic l441 xanax

]]> By: List Draft Posts: a WordPress plugin : Losing it[1] http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-73260 List Draft Posts: a WordPress plugin : Losing it[1] Mon, 15 Oct 2007 06:44:04 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-73260 [...] really nice article by Leonid Mamchenkov on how to make options pages for WordPress plugins, and this piece by Mark Jaquith on how to make such things more [...] [...] really nice article by Leonid Mamchenkov on how to make options pages for WordPress plugins, and this piece by Mark Jaquith on how to make such things more [...]

]]> By: Cavojpop http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-71710 Cavojpop Fri, 05 Oct 2007 18:08:18 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-71710 no rx valium <a href="http://v33.freehostia.com/v11/no-rx-valium.html " rel="nofollow">no rx valium</a> no rx valium
no rx valium

]]> By: pharmamaster http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-71677 pharmamaster Fri, 05 Oct 2007 12:49:32 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-71677 Great post!!! Im using wordpress 2.2.3 http://soundproducer.blogspot.com/ Great post!!!
Im using wordpress 2.2.3
http://soundproducer.blogspot.com/

]]> By: Lyhouxox http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-71589 Lyhouxox Fri, 05 Oct 2007 03:11:06 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-71589 big pizza sausage trinity <a href="http://qe.freehostia.com/pizz/big-pizza-sausage-trinity.html " rel="nofollow">big pizza sausage trinity</a> big pizza sausage trinity
big pizza sausage trinity

]]> By: Writing Secure WordPress Plugins - Using attribute_escape and wp_nonce functions http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-62438 Writing Secure WordPress Plugins - Using attribute_escape and wp_nonce functions Mon, 20 Aug 2007 17:02:15 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-62438 [...] http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/ http://www.wordpress.com [...] [...] http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/ http://www.wordpress.com [...]

]]> By: Cross Site Scripting (XSS) | bueltge.de [by:ltge.de] http://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-59367 Cross Site Scripting (XSS) | bueltge.de [by:ltge.de] Thu, 09 Aug 2007 11:49:20 +0000 https://markjaquith.wordpress.com/2006/06/02/wordpress-203-nonces/#comment-59367 [...] WordPress Nonces [...] [...] WordPress Nonces [...]

]]>