[wp-hackers] Exploit again!

Dougal Campbell dougal at gunters.org
Wed Aug 17 16:35:48 GMT 2005


Podz wrote:
> "Just as little warning to all those now installing 1.5.2
> 
> WordPress 1.5.2 does not fix the remote code execution vulnerability. It 
> just renders the published exploit useless.
> 
> After inserting 10 magic characters into the exploit it will still work 
> against 1.5.2 "

Nope. There *was* a still-vulnerable version online for a *very* short 
time frame, but it was corrected before any announcements were made.

The WP 1.5.2 archive currently available (which has been up since before 
the official announcement was made on the dev blog) does *not* contain 
the vulnerability.


-- 
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/



More information about the wp-hackers mailing list