[wp-forums] Exploit report
Peter Westwood
peter.westwood at ftwr.co.uk
Fri May 26 22:00:24 GMT 2006
Hi Guys,
In terms of the exploit AFAIK it only works if all the following are
satisfied:
1. You have enabled the caching of db info to disk which is disabled by
default in 2.0.2
2. You have a simple /null database password - need to make the filename
of the cache file guessable
3. You have user registration enabled.
Ryan has commited a fix to trunk and the 2.0 branch which we hacked up
earlier.
westi
--
Peter Westwood
http://blog.ftwr.co.uk
More information about the wp-forums
mailing list