[wp-hackers] FW: [BugTraq] WordPress v2.1.3 >> remote file include~

Chris Meller chris at doesnthaveone.com
Thu Apr 26 02:01:53 GMT 2007


Yeah, I don't really see what's supposed to happen here either...


On Apr 25, 2007, at 9:55 PM, Aaron Brazell wrote:

> Perhaps I'm missing something here, but I can't duplicate on 2.1.3  
> or trunk...
> --
> Aaron Brazell
> Director of Technology, b5media
> "A Global New Media Company"
>
> web:: www.b5media.com, www.technosailor.com
> phone:: 410-608-6620
> skype:: technosailor
>
>
>
>
> On Apr 25, 2007, at 9:37 PM, Ross M. W. Bennetts wrote:
>
>> -----Original Message-----
>> From: s433d_only_linux at yahoo.de [mailto:s433d_only_linux at yahoo.de]
>> Sent: Wednesday, 25 April 2007 6:18 PM
>> To: bugtraq at securityfocus.com
>> Subject: WordPress v2.1.3 >> remote file include~
>>
>> by : www.hackeraz.ir userz , saeid...
>> ++++++++++++++++++++++++++++++++++++
>> ####################################################
>> #WordPress >> 2.1.3         Remote File Inclusion  #
>> ####################################################
>> Affected Software .: WordPress >> 2.1.3            #
>> Download..: http://wordpress-deutschland.org       #
>> Risk ..............: high                          #
>> Date .........: 25/4/2007                          #
>> Found by ..........: s433d_only_linux              #
>> Contact ...........: s433d_only_linux at yahoo.de     #
>> Web .............: Www.hackerz.ir                  #
>> special thanx ........... Ali Jasbi my beste friend#
>> ####################################################
>> Affected File:                                     #
>> wordpress/wp-settings.php	                         #
>> wordpress/wp-includes/template-loader.php	         #
>> wordpress/wp-includes/theme.php	                   #
>> ####################################################
>> Exploit:
>> wordpress/wp-settings.php?require_once=shell?
>> wordpress/wp-includes/template-loader.php?include=shell?
>> wordpress/wp-includes/theme.php?require_once=shell?
>> ######################################################
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list