{"id":2088,"date":"2006-10-19T17:58:21","date_gmt":"2006-10-19T15:58:21","guid":{"rendered":"https:\/\/www.fullo.net\/blog\/archives\/2006\/10\/19\/serendipity-security-release\/"},"modified":"2006-10-19T17:58:21","modified_gmt":"2006-10-19T15:58:21","slug":"serendipity-security-release","status":"publish","type":"post","link":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","title":{"rendered":"Serendipity security release"},"content":{"rendered":"<p>A <a href=\"http:\/\/prdownloads.sourceforge.net\/php-blog\/serendipity-1.0.2.tar.gz?download\">security release for Serendipity<\/a> has been published. An XSS bug was found in the administration area of the CMS that would make it possible to bring a site based on the open-source CMS to its knees. Of course, the <a href=\"http:\/\/blog.s9y.org\/\">Serendipity<\/a> site was the first to be attacked :( &#8230;<\/p>\n<p>ciuaz<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security release for Serendipity has been published. An XSS bug was found in the administration area of the CMS that would make it possible to bring a site based on the open-source CMS to its knees. 
Of course, the Serendipity site was the first to be attacked :( &#8230; ciuaz<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[9],"tags":[63,176,2248,217,1521,919],"class_list":["post-2088","post","type-post","status-publish","format-standard","hentry","category-php","tag-blog","tag-opensource","tag-php","tag-security","tag-serendipity","tag-xss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Serendipity security release - Fullo<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Serendipity security release - Fullo\" \/>\n<meta property=\"og:description\" content=\"A security release for Serendipity has been published. An XSS bug was found in the administration area of the CMS that would make it possible to bring a site based on the open-source CMS to its knees. 
Of course, the Serendipity site was the first to be attacked :( &#8230; ciuaz\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/\" \/>\n<meta property=\"og:site_name\" content=\"Fullo\" \/>\n<meta property=\"article:published_time\" content=\"2006-10-19T15:58:21+00:00\" \/>\n<meta name=\"author\" content=\"Francesco Fullone\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@fullo\" \/>\n<meta name=\"twitter:site\" content=\"@fullo\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesco Fullone\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/\"},\"author\":{\"name\":\"Francesco Fullone\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"headline\":\"Serendipity security 
release\",\"datePublished\":\"2006-10-19T15:58:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/\"},\"wordCount\":49,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"keywords\":[\"blog\",\"opensource\",\"php\",\"security\",\"serendipity\",\"xss\"],\"articleSection\":[\"php\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/\",\"name\":\"Serendipity security release - Fullo\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\"},\"datePublished\":\"2006-10-19T15:58:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/2006\\\/10\\\/19\\\/serendipity-security-release\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Serendipity security release\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/\",\"name\":\"Fullo\",\"description\":\"nulla e&#039; impossibile per chi non lo deve 
fare!\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/#\\\/schema\\\/person\\\/24e91bc6caea6c411a8668df5639428c\",\"name\":\"Francesco Fullone\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\",\"width\":622,\"height\":622,\"caption\":\"Francesco Fullone\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.fullo.net\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/www.fullo.net\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/fullo\",\"https:\\\/\\\/x.com\\\/fullo\"],\"url\":\"https:\\\/\\\/www.fullo.net\\\/blog\\\/author\\\/fullo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Serendipity security release - Fullo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","og_locale":"en_US","og_type":"article","og_title":"Serendipity security release - Fullo","og_description":"A security release for Serendipity has been published. An XSS bug was found in the administration area of the CMS that would make it possible to bring a site based on the open-source CMS to its knees. Of course, the Serendipity site was the first to be attacked :( &#8230; ciuaz","og_url":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","og_site_name":"Fullo","article_published_time":"2006-10-19T15:58:21+00:00","author":"Francesco Fullone","twitter_card":"summary_large_image","twitter_creator":"@fullo","twitter_site":"@fullo","twitter_misc":{"Written by":"Francesco Fullone"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#article","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/"},"author":{"name":"Francesco Fullone","@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"headline":"Serendipity security 
release","datePublished":"2006-10-19T15:58:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/"},"wordCount":49,"commentCount":0,"publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"keywords":["blog","opensource","php","security","serendipity","xss"],"articleSection":["php"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","url":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/","name":"Serendipity security release - Fullo","isPartOf":{"@id":"https:\/\/www.fullo.net\/blog\/#website"},"datePublished":"2006-10-19T15:58:21+00:00","breadcrumb":{"@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fullo.net\/blog\/2006\/10\/19\/serendipity-security-release\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fullo.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Serendipity security release"}]},{"@type":"WebSite","@id":"https:\/\/www.fullo.net\/blog\/#website","url":"https:\/\/www.fullo.net\/blog\/","name":"Fullo","description":"nulla e&#039; impossibile per chi non lo deve 
fare!","publisher":{"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fullo.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.fullo.net\/blog\/#\/schema\/person\/24e91bc6caea6c411a8668df5639428c","name":"Francesco Fullone","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","url":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1","width":622,"height":622,"caption":"Francesco Fullone"},"logo":{"@id":"https:\/\/i0.wp.com\/www.fullo.net\/blog\/wp-content\/uploads\/2024\/10\/hawiaina-gold-circled-white.png?fit=622%2C622&ssl=1"},"sameAs":["http:\/\/www.fullo.net","https:\/\/www.linkedin.com\/in\/fullo","https:\/\/x.com\/fullo"],"url":"https:\/\/www.fullo.net\/blog\/author\/fullo\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3OSc1-xG","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":2085,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/18\/wordpress-205rc1\/","url_meta":{"origin":2088,"position":0},"title":"WordPress 2.0.5rc1","author":"Francesco Fullone","date":"18\/10\/2006","format":false,"excerpt":"First RC for the latest version of Wordpress 2.0.x; this release fixes some minor bugs and improves the XSS checks for custom forms. 
Another small feature is the automatic recognition of links inside posts and comments. Wordpress 2.0.5rc1 can be downloaded here and any bugs\u2026","rel":"","context":"In &quot;open source&quot;","block_context":{"text":"open source","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/open-source\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1703,"url":"https:\/\/www.fullo.net\/blog\/2005\/10\/20\/links-sparsi\/","url_meta":{"origin":2088,"position":1},"title":"assorted links","author":"Francesco Fullone","date":"20\/10\/2005","format":false,"excerpt":"Version 2.0 of OpenOffice.org has (finally) been released; nothing new since the last 3 RCs apart from a few bugfixes. Ubuntu is now a server too: Canonical has released a server-specific version of the newly released Breezy. Firefox reaches 100 million downloads, congratulations! :) VmWare has released VmPlayer,\u2026","rel":"","context":"In &quot;linux&quot;","block_context":{"text":"linux","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/linux\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1876,"url":"https:\/\/www.fullo.net\/blog\/2006\/02\/16\/php-day-il-call-for-paper-e-aperto\/","url_meta":{"origin":2088,"position":2},"title":"PHP Day: the call for papers is open!","author":"Francesco Fullone","date":"16\/02\/2006","format":false,"excerpt":"As announced a few days ago, the phpDay call for papers is now officially open. If you want to talk about php in front of a hundred or so people and think you have good material, send us some info. 
During the event there will be 2 different talk tracks (held in parallel in two rooms):\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1392,"url":"https:\/\/www.fullo.net\/blog\/2005\/05\/11\/php-power-programming\/","url_meta":{"origin":2088,"position":3},"title":"php power programming","author":"Francesco Fullone","date":"11\/05\/2005","format":false,"excerpt":"PHP 5 Power Programming by Andi Gutmans, Stig Bakken and Derick Rethans has been released as a free downloadable PDF. update: thanks to koolinus, who tells me that all the books in the Bruce Perens series can be downloaded for free directly from the Prentice Hall site ciauz","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":621,"url":"https:\/\/www.fullo.net\/blog\/2003\/12\/22\/eclipse-3m6\/","url_meta":{"origin":2088,"position":4},"title":"eclipse 3M6","author":"Francesco Fullone","date":"22\/12\/2003","format":false,"excerpt":"Milestone 6 of Eclipse, the open-source IDE developed in collaboration with IBM, has been released. Along with this release, the new plug-in for php support, xored web studio 1.0, has also been made available. 
ciuaz","rel":"","context":"In &quot;tecnologia&quot;","block_context":{"text":"tecnologia","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2104,"url":"https:\/\/www.fullo.net\/blog\/2006\/10\/31\/piccoli-wordpress-crescono\/","url_meta":{"origin":2088,"position":5},"title":"Little WordPresses grow up","author":"Francesco Fullone","date":"31\/10\/2006","format":false,"excerpt":"The new SWG site was launched on Sunday. It is a project I have actively worked on over the last few months, cutting and stitching together some WordPress plugins and adapting the layout into a template for it. In particular I am very proud of the homepage, where the feeds are loaded\u2026","rel":"","context":"In &quot;php&quot;","block_context":{"text":"php","link":"https:\/\/www.fullo.net\/blog\/category\/tecnologia\/php\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/2088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/comments?post=2088"}],"version-history":[{"count":0,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/posts\/2088\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/media?parent=2088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/categories?post=2088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fullo.net\/blog\/wp-json\/wp\/v2\/tags?post=2088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templat
ed":true}]}}