This WordPress site is clean

And we don’t have analog TVs anymore, so that’s a plus considering we don’t want a visit from the ‘TV People‘ (If you’re not a fan of the scary, I’d be careful with that link).

Anyway, I noticed through the Ars Technica feed there on the right hand side of the page that researchers in Finland had discovered a bug in WordPress 3’s comment system that could allow someone to include malicious JavaScript code in a comment, providing the attacker with all kinds of fun things to do. As the article states, by using this code, someone could create a new administrator account with a new password, change the old password locking the old administrator out, and have complete control of the site to do anything they want, including attack visitors and commenters.

It’s exceptionally similar to the way an SQL Injection attack works (remember SQL?), which we’ll talk about in class, except instead of trying to get a database to fess up its contents it attempts to wrest administrator control from the actual site administrator. We need JavaScript, though – how can we get ants to chase our cursor without it?

Luckily for us, this site runs on WordPress version 4.0.1, so we’re not at risk of this vulnerability. I just wanted to make this short post in case anyone saw that and had concerns, which I suspect was exactly zero of you. Continue on, people!

Going Up