Patch for Host Overflow Application eXception
I have crafted a simple WordPress plugin to patch the Host Overflow Application eXception vulnerability. The vulnerability enabled me to take advantage of an unchecked buffer to post blog entries. It really is a simple fix, but I've encrypted the plugin contents so it is harder for people to exploit it.
The patch has been tested on the latest version of WordPress, but I think it should work in 1.5 as well. Let me know if you believe your blog software is at risk and I will look into it.
Once the plugin is installed and activated, you should see a notification box in your WordPress admin console.
Update: Download link updated to work correctly
Wrote on October 3, 2006 @ 12:32 pm
Jason, the plug-in appears to be 404.
Wrote on October 3, 2006 @ 2:52 pm
I updated the link and it should now work fine. I was just missing the “http” in the URL.
Wrote on October 9, 2006 @ 4:51 am
Host Overflow Application eXception = HOAX? ;)
Wrote on October 9, 2006 @ 12:05 pm
[...] Jason Schramm and Randy Morin ran some funny posts about Host Overflow Application eXception, a supposed vulnerability in blog posting systems that let you hack into a blog and post on it. It wasn’t real, and it wasn’t supposed to fool anyone (read the capitalized letters: H-O-A-X. Do I have to paint a picture?), and quite a few bloggers got into the fun, posting hacked posts on their blog (including me). Jason even posted a “patch” that posted in your blog’s footer: Host Overflow Application eXcepton = HOAX You are gullible, but what if this plugin was malicious? [...]