[wp-hackers] WordPress Charset SQL Injection Vulnerability

Lloyd Budd lloydomattic at gmail.com
Mon Dec 17 16:02:52 GMT 2007


On Dec 16, 2007 11:57 AM, Abel Cheung <abelcheung at gmail.com> wrote:
> On Dec 16, 2007 2:27 AM, Lloyd Budd <lloydomattic at gmail.com> wrote:
> > > Unsure why I failed to reply to this sooner. Getting the table prefix is so
> > > trivial for newer WordPress:
> > >
> > > /?feed=rss2&p=-1
> >
> > As trivial as? This is a bit of an annoying way to present a software
> > bug. Anyway, thank you very much for letting us know about this!
>
> Annoying? This has been fully disclosed to the public since July:
>
> http://blogsecurity.net/news/news-110707/

Absolutely annoying! This isn't directed at you, but is a more general
observation: if people want to represent themselves as having the high
standards of professional developers, particularly software security
experts, then any public disclosure should include reporting
information -- particularly when there is a *public* bug tracker.

Thank you,
Lloyd

