{"id":2088,"date":"2006-10-19T17:58:21","date_gmt":"2006-10-19T15:58:21","guid":{"rendered":"https:\/\/www.fullo.net\/blog\/archives\/2006\/10\/19\/serendipity-security-release\/"},"modified":"2006-10-19T17:58:21","modified_gmt":"2006-10-19T15:58:21","slug":"serendipity-security-release","status":"publish","type":"post","link":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","title":{"rendered":"Serendipity security release"},
"content":{"rendered":"<p>A <a href=\"http:\/\/prdownloads.sourceforge.net\/php-blog\/serendipity-1.0.2.tar.gz?download\">security release for Serendipity<\/a>, version 1.0.2, has been published. An XSS bug was found in the administration area of the CMS that could be used to bring a site running the open-source CMS to its knees. Naturally the <a href=\"http:\/\/blog.s9y.org\/\">Serendipity<\/a> site was the first one to be attacked :( &#8230;<\/p>\n<p>ciuaz<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>A security release for Serendipity, version 1.0.2, has been published. An XSS bug was found in the administration area of the CMS that could be used to bring a site running the open-source CMS to its knees. Naturally the Serendipity site was the first one to be attacked :( &#8230; ciuaz<\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard",
"meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},
"categories":[9],"tags":[63,176,2248,217,1521,919],"class_list":["post-2088","post","type-post","status-publish","format-standard","hentry","category-php","tag-blog","tag-opensource","tag-php","tag-security","tag-serendipity","tag-xss"],
"yoast_head_json":{"title":"Serendipity security release - Fullo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","og_locale":"it_IT","og_type":"article","og_title":"Serendipity security release - Fullo","og_description":"A security release for Serendipity, version 1.0.2, has been published. An XSS bug was found in the administration area of the CMS that could be used to bring a site running the open-source CMS to its knees. Naturally the Serendipity site was the first one to be attacked :( &#8230; ciuaz","og_url":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","og_site_name":"Fullo","article_published_time":"2006-10-19T15:58:21+00:00","og_image":[{"width":1453,"height":1453,"url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2021\/05\/FB_IMG_1515748807284.jpg?fit=1453%2C1453&ssl=1","type":"image\/jpeg"}],"author":"Francesco Fullone","twitter_card":"summary_large_image","twitter_creator":"@fullo","twitter_site":"@fullo","twitter_misc":{"Written by":"Francesco Fullone"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#article","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/"},"author":{"name":"Francesco Fullone","@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"headline":"Serendipity security release","datePublished":"2006-10-19T15:58:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/"},"wordCount":49,"commentCount":0,"publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"keywords":["blog","opensource","php","security","serendipity","xss"],"articleSection":["php"],"inLanguage":"it-IT","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","url":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","name":"Serendipity security release - Fullo","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/#website"},"datePublished":"2006-10-19T15:58:21+00:00","breadcrumb":{"@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fullo.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Serendipity security release"}]},{"@type":"WebSite","@id":"https:\/\/www.fullo.net\/blog\/#website","url":"https:\/\/www.fullo.net\/blog\/","name":"Fullo","description":"nothing is impossible for those who do not have to do it!","publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fullo.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":["Person","Organization"],"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c","name":"Francesco Fullone","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","width":622,"height":622,"caption":"Francesco Fullone"},"logo":{"@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1"},"sameAs":["http:\/\/www.fullo.net","https:\/\/www.linkedin.com\/in\/fullo","https:\/\/x.com\/fullo"],"url":"https:\/\/www.fullo.net\/blog\/author\/fullo\/"}]}},
"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3OSc1-xG","jetpack_likes_enabled":true,
"jetpack-related-posts":[{"id":2108,"url":"https:\/\/www.fullo.net\/blog\/2006\/11\/04\/aggiornate-php-e-fatelo-in-fretta\/","url_meta":{"origin":2088,"position":0},"title":"Update PHP, and do it quickly&#8230;","author":"Francesco Fullone","date":"04\/11\/2006","format":false,"excerpt":"A fairly serious bug has been found that allows htmlentities() and htmlspecialchars() to be used to execute remote code on a server (more info on hardened-php). Since those two functions underpin every parsing and XSS-protection method, they are normally used everywhere. On PHP.net you will find the\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2085,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/18\/wordpress-205rc1\/","url_meta":{"origin":2088,"position":1},"title":"WordPress 2.0.5rc1","author":"Francesco Fullone","date":"18\/10\/2006","format":false,"excerpt":"First RC for the latest version of WordPress 2.0.x; this release fixes a few minor bugs and improves the XSS checks on custom forms. Another small feature is the automatic recognition of links inside posts and comments. WordPress 2.0.5rc1 can be downloaded here and any bugs\u2026","rel":"","context":"In &quot;open source&quot;","block_context":{"text":"open source","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/open-source\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1712,"url":"https:\/\/www.fullo.net\/blog\/2005\/10\/26\/php-sicurezza-e-quantaltro\/","url_meta":{"origin":2088,"position":2},"title":"php, security and whatnot&#8230;","author":"Francesco Fullone","date":"26\/10\/2005","format":false,"excerpt":"The rants and wishlists about Zend's future framework continue; for now the ones talking about it are: Wez Furlong (who, however, also gives the first explanations of what it will really be like) John Lim Chris Shifflet with a wishlist on security A few more links (some perhaps old) on web application security: on\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1703,"url":"https:\/\/www.fullo.net\/blog\/2005\/10\/20\/links-sparsi\/","url_meta":{"origin":2088,"position":3},"title":"scattered links","author":"Francesco Fullone","date":"20\/10\/2005","format":false,"excerpt":"Version 2.0 of OpenOffice.org has (finally) been released; nothing new since the last 3 RCs apart from a few bugfixes. Ubuntu goes server too: Canonical has in fact released a server-specific version of its latest release, Breezy. Firefox reaches 100 million downloads, congratulations! :) VmWare has released VmPlayer,\u2026","rel":"","context":"In &quot;linux&quot;","block_context":{"text":"linux","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2208,"url":"https:\/\/www.fullo.net\/blog\/2007\/02\/09\/php-521-e-month-of-bugs\/","url_meta":{"origin":2088,"position":4},"title":"PHP 5.2.1 and Month of Bugs","author":"Francesco Fullone","date":"09\/02\/2007","format":false,"excerpt":"PHP version 5.2.1 was released yesterday; it fixes many security bugs and updating is definitely important. Release 4.4.5, which will fix the same (and other) problems, will arrive shortly. Still on the subject of security bug fixes, Stefan Esser will start from the first of\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2326,"url":"https:\/\/www.fullo.net\/blog\/2007\/08\/27\/wordpress-23-rivoluzione-in-corso\/","url_meta":{"origin":2088,"position":5},"title":"WordPress 2.3, revolution in progress","author":"Francesco Fullone","date":"27\/08\/2007","format":false,"excerpt":"The new minor release of WordPress, due in September, has been announced, and with it a new mess for developers. With WordPress 2.3 we will (finally?) see a tag system worthy of the name included. The only drawback is that, to add that system, 3 fairly\u2026","rel":"","context":"In &quot;thoughts&quot;","block_context":{"text":"thoughts","link":"https:\/\/www.fullo.net\/blog\/category\/pensieri\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],
"_links":{"self":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/2088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/comments?post=2088"}],"version-history":[{"count":0,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/2088\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/media?parent=2088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/categories?post=2088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/tags?post=2088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}