[wp-hackers] FW: [BugTraq] Word Press Sensitive Directory exposure (SQL)

Alan J Castonguay alan at verselogic.net
Fri Mar 9 01:20:58 GMT 2007


A lot of files that are normally included have no code in the global 
space, only in functions. admin-functions.php is an exception. This is 
for the variable '$wp_file_descriptions', which seems to only be 
accessed by the function get_file_description() 
http://trac.wordpress.org/browser/trunk/wp-admin/admin-functions.php#L1617.

Is there a reason that $wp_file_descriptions is defined in the global 
namespace?

Nothing to do with SQL here though..

Ross M. W. Bennetts wrote:
> This (below) looks like nothing, but I'm forwarding it to let people know
> that they are still talking about us on the Symantec SecurityFocus BugTraq
> list.
>
> Ross M. W. Bennetts
> Web Editor
> Information Technology Directorate
> University of New England
> Armidale, Australia.
>
> -----Original Message-----
> From: r00t2000 at hush.com [mailto:r00t2000 at hush.com] 
> Sent: Thursday, 8 March 2007 7:21 PM
> To: bugtraq at securityfocus.com
> Subject: Word Press Sensitive Directory exposure (SQL)
>
> #Found By: r00t[ati]
>
> #Web App: Word Press
>
> #Version(s): unknown
>
> #Level: low
>
> #File Name: admin-functions.php
>
> //SQL EXAMPLE ERROR:
>
> Fatal error: Call to undefined function __() in
> /usr/local/www/****/data/wp-admin/admin-functions.php on line 1593
>
>
> Thanks,
>
> r00t


-- 
Alan J Castonguay
 519.567.2633
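
The pattern discussed in this message, as an added example that is not part of the original post and not WordPress source: a translation call at file scope is what runs when the include file is requested directly, and building the table inside its only reader removes that load-time call. The array entries, the simplified body of get_file_description() and the stand-in loader at the bottom are assumptions made for illustration.

```php
<?php
// Constructed sketch of an include file such as admin-functions.php.

// BEFORE (the pattern the thread describes): a call at file scope.
// Requesting the file directly executes this line before any loader has
// defined __(), so PHP aborts with "Call to undefined function __()" and,
// when errors are displayed, prints the absolute path of the file.
//
//   $wp_file_descriptions = array('index.php' => __('Main Index Template'));

// AFTER: nothing executes at load time. The table is built on first use,
// inside the only function that reads it, so a direct request to this file
// defines a function and produces no output.
function get_file_description($file) {
    static $descriptions = null;
    if ($descriptions === null) {
        // Constructed sample entries, not the full list.
        $descriptions = array(
            'index.php' => __('Main Index Template'),
            'style.css' => __('Stylesheet'),
        );
    }
    $name = basename($file);
    // Simplified fallback (assumption): return the bare file name.
    return isset($descriptions[$name]) ? $descriptions[$name] : $name;
}

// Stand-in for the application's loader so this sketch runs on its own.
// In the real application __() is defined long before any caller gets here,
// and this block would not live in the include file.
if (!function_exists('__')) {
    function __($text) {
        return $text;
    }
}

echo get_file_description('/themes/default/index.php'), "\n";
echo get_file_description('/themes/default/unknown.php'), "\n";
```

Separately from the code change, setting `display_errors = Off` in production keeps fatal-error text, including file paths, out of HTTP responses.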


