[wp-hackers] Reputed XSS issue with WordPress (templates.php)

Petit petit at petitpub.com
Tue Feb 13 23:50:52 GMT 2007


Elliotte Harold wrote:
> Alex Günsche wrote:
>> Maybe so, but doesn't this fall into the "social engineering" category?
> And WordPress should enable social engineering attacks why exactly?
>
> Attackers don't play by the rules, or split hairs about what is and 
> isn't a legitimate route of attack, or which piece of software or 
> combination of different programs they attack.
It certainly shouldn't and needn't and attackers certainly don't.
Someone please explain to a naïv guy, why enabling the "Remeber me" 
function is bad habit.
The "me" part I'd believe means something, and that something shouldn't 
be "anyone".
/Petit



More information about the wp-hackers mailing list