It seems that WordPress continues to miss essential checks in its source code. This time the bug is NOT a critical one.
An example URL was released on Bugtraq this morning; the idea is that there is no check whether the "paged" parameter in the URL has a positive or a negative value.
You can try the injection on WordPress 2.0.3 by requesting http://www.yourblog.com/?paged=-1
Browsing my access_log, I have to make a remark: "www.yourblog.com" doesn't mean "www.cafe-sofia.com" :-) I've patched mine with the method below :)
With the default settings of the installation you will see something like this:
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 10' at line 1]
SELECT DISTINCT * FROM _posts WHERE 1=1 AND post_date_gmt <= '2006-09-07 15:33:59' AND (post_status = "publish" OR post_author = 1 AND post_status != 'draft' AND post_status != 'static') AND post_status != "attachment" GROUP BY _posts.ID ORDER BY post_date DESC LIMIT -20, 10
The good news is that the code does check that the "paged" param is an integer (without that check, passing other symbols could cause a SEVERE injection).
If you don't want your blog to output errors, just modify the file 'wp-db.php' at line 113 and change the line from "$this->show_errors = true" to "$this->show_errors = false".
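The following is an added example, not WordPress's own code, that models the two checks discussed above so the difference is visible: an integer-only check (which lets "paged=-1" through and produces the "LIMIT -20, 10" from the error message) beside a hardened check that also requires the page number to be positive. It assumes 10 posts per page and an offset of (paged - 1) * 10, which is what the "LIMIT -20, 10" in the quoted error implies for paged=-1; the function names and the sample URLs are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumption: 10 posts per page, inferred from the "LIMIT -20, 10" in the error above.
POSTS_PER_PAGE = 10

# Integer check: only an optional minus sign followed by digits is accepted,
# so nothing that could change the SQL syntax (quotes, spaces, keywords) gets through.
INT_RE = re.compile(r"^-?\d+$")


def paged_from_url(url):
    """Extract the raw 'paged' query parameter from a URL (None if absent)."""
    values = parse_qs(urlparse(url).query).get("paged")
    return values[0] if values else None


def offset_integer_only(paged):
    """Weak check, modelling the behaviour described in the post:
    any integer is accepted, including negative ones. Non-integers are rejected."""
    if paged is None or not INT_RE.match(paged):
        return None
    return (int(paged) - 1) * POSTS_PER_PAGE


def offset_positive(paged):
    """Hardened check: non-integers and values below 1 are clamped to page 1,
    so the computed offset can never be negative."""
    if paged is None or not INT_RE.match(paged):
        page = 1
    else:
        page = max(1, int(paged))
    return (page - 1) * POSTS_PER_PAGE


def limit_clause(offset):
    """Render the LIMIT clause MySQL would receive; None means the query is refused."""
    if offset is None:
        return None
    return f"LIMIT {offset}, {POSTS_PER_PAGE}"


def mysql_accepts(clause):
    """MySQL requires a non-negative offset and row count in LIMIT offset, count."""
    if clause is None:
        return False
    offset, count = (int(x) for x in clause[len("LIMIT "):].split(","))
    return offset >= 0 and count >= 0


def limit_for_url(url, hardened):
    """Build the LIMIT clause for a request URL under either check."""
    paged = paged_from_url(url)
    offset = offset_positive(paged) if hardened else offset_integer_only(paged)
    return limit_clause(offset)


if __name__ == "__main__":
    # Constructed sample requests; "www.yourblog.com" is a placeholder host.
    for url in ("http://www.yourblog.com/?paged=-1",
                "http://www.yourblog.com/?paged=3",
                "http://www.yourblog.com/?paged=1%20OR%201%3D1"):
        weak = limit_for_url(url, hardened=False)
        hard = limit_for_url(url, hardened=True)
        print(f"{url}\n  integer-only: {weak} (valid SQL: {mysql_accepts(weak)})"
              f"\n  positive:     {hard} (valid SQL: {mysql_accepts(hard)})")
```

Note that the show_errors change in wp-db.php only stops the database error from being printed to visitors; the negative offset is still sent to MySQL. The clamp in offset_positive is the check that actually keeps the query well-formed, and it also keeps the existing integer check, which is what prevents the more serious injection the post mentions.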