The Butterfly Effect (2)

Antonio Fontes / Blog / Consulting / Communication / Genève / HEG / Intelligence and economic warfare / Information management and security / ICT / Web application security / Monitoring

DNS Error messages with Wordpress admin

There’s a bug in WordPress which prevents administrators from returning to the wp-admin zone. Many conditions are required, but I think the information I give here could help locate the critical path to reproduce it and also help work around it until it gets fixed. Below is a copy of a message sent to WordPress support some minutes ago…

----

Hi all !

Some people noticed that there might be problems entering the administrative section of a WP-enabled site. They often tend to end in a DNS ERROR message, typically provided by Internet Explorer.

I think I found some information which might lead to a fix for this bug.

I recently began having similar errors: DNS timeout, DNS error, and so on. Even turning the HTTP friendly messages option off would produce the same error, so I guessed that it would not really be an ‘error’.

Web development security is my job so… I can say that those errors already happened to me during many audits. There’s only one solution to find a bug like this: sniffing the packets and trapping all requests and replies coming from/going to the server. If you want to try this, you can install an HTTP proxy tool such as Achilles or Paros (requiring Java VM installed on your workstation).

Here is what I got: requesting access to an administrative page leads to infinite “header location” calls (response redirects) between auth.php and the requested page.

I can’t isolate and reproduce the error precisely enough yet, but I am almost sure that it is related to one factor: I have multiple blogs running on the same domain (www.nxtg.net) and this happens when I did some stuff as an admin in one of my blogs, then tried to switch to another blog as an admin.

Reproduction path was not found yet, but I found the workaround:

- explicitly log out when finishing your admin stuff
or
- delete your cookies

One of those two actions will allow you to access the administrative pages again.

Finally, I think the error is located in the cookie path or the information stored in it.

Hope this can help…BTW, great great great job you’re doing with WP!!!

Cheers, regards, and all stuff…

.antoine

----

posted Friday, October 15, 2004 6:40 PM by saphyr with 0 Comments
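
The redirect loop and the cookie-path suspicion described in the message above, as an added example that is not part of the original post and is not WordPress code: it applies the RFC 6265 path-match rule to a constructed cookie jar and finds the cycle in a constructed proxy trace. The blog roots, cookie names and the location of auth.php are assumptions.

```javascript
// Added example: RFC 6265 cookie path scoping for two blogs on one host,
// plus redirect-cycle detection over a proxy capture. All data is constructed.

// RFC 6265 section 5.1.4: does a cookie's Path cover the request path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Cookies a browser would attach to a request, longest Path first (section 5.4).
function cookiesSentFor(jar, requestPath) {
  return jar
    .filter((c) => pathMatch(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length);
}

// Audit: cookies whose Path covers more than one application root.
function crossAppCookies(jar, appRoots) {
  return jar.filter((c) => appRoots.filter((r) => pathMatch(r, c.path)).length > 1);
}

// Walk captured responses in order; return the URLs forming a redirect cycle.
function findRedirectLoop(trace) {
  const seen = new Map();
  for (const [i, r] of trace.entries()) {
    if (r.status < 300 || r.status > 399) return null; // chain ended normally
    if (seen.has(r.url)) return trace.slice(seen.get(r.url), i).map((t) => t.url);
    seen.set(r.url, i);
  }
  return null;
}

// Constructed scenario: admin logged in on blog1, then opens blog2's admin area.
const appRoots = ['/blog1/', '/blog2/'];
const jar = [
  { name: 'blog1_admin', value: 'token-a', path: '/' },       // too broad
  { name: 'blog1_prefs', value: 'compact', path: '/blog1/' }, // scoped to blog1
];
const trace = [
  { url: '/blog2/wp-admin/', status: 302, location: '/blog2/auth.php' },
  { url: '/blog2/auth.php', status: 302, location: '/blog2/wp-admin/' },
  { url: '/blog2/wp-admin/', status: 302, location: '/blog2/auth.php' },
];

console.log('sent to blog2:', cookiesSentFor(jar, '/blog2/wp-admin/').map((c) => c.name));
console.log('cross-app cookies:', crossAppCookies(jar, appRoots).map((c) => c.name));
console.log('redirect loop:', findRedirectLoop(trace));
```

A cookie flagged by `crossAppCookies` is a candidate for a narrower Path; logging out or deleting cookies, the workaround in the message, removes it from the jar.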



