[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Chris Jean gaarai at gaarai.com
Thu Nov 12 17:11:37 UTC 2009


I've just caught wind of this issue. Can I get more details on how to 
attempt the exploit? For example, if there is a file: exploit.php.jpg, 
do I simply request that file via the browser or is there a trick to it?

Chris Jean
http://gaarai.com/
@chrisjean



Otto wrote:
> I just confirmed on my friend's vulnerable host that this code in the
> .htaccess removed the vulnerability.
>
> RemoveHandler application/x-httpd-php .php
> <FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
>     SetHandler application/x-httpd-php
> </FilesMatch>
> <FilesMatch "\.phps$">
>     SetHandler application/x-httpd-php-source
> </FilesMatch>
>
> -Otto
> Sent from Memphis, TN, United States
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>   
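To make concrete what Otto's rule changes, here is an added example (not code from the thread, WordPress or Apache) that models Apache's extension matching in Python: the assumed default behaviour, where an AddHandler bound to .php fires when "php" appears as any extension in the name, against the anchored FilesMatch patterns quoted above, run over constructed filenames.

```python
import re

# Constructed sample filenames standing in for files in an upload directory
# (not taken from the thread).
SAMPLE_FILENAMES = [
    "index.php",
    "exploit.php.jpg",
    "photo.jpg",
    "script.phtml",
    "source.phps",
    "archive.php.tar.gz",
]

# Simplified model of mod_mime's AddHandler matching (assumption): a handler bound
# to ".php" applies when "php" appears as ANY of the filename's extensions, which
# is why "exploit.php.jpg" is treated as PHP under the usual "AddHandler ... .php".
DEFAULT_PHP_EXTENSIONS = {"php"}

def handled_as_php_default(filename):
    extensions = filename.lower().split(".")[1:]
    return any(ext in DEFAULT_PHP_EXTENSIONS for ext in extensions)

# The two FilesMatch patterns from Otto's .htaccess; the trailing "$" anchors
# each alternative to the final extension only.
PHP_PATTERN = re.compile(r"\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$")
PHPS_PATTERN = re.compile(r"\.phps$")

def handler_after_fix(filename):
    """Handler the fixed .htaccess assigns, or None if served as plain content."""
    if PHP_PATTERN.search(filename):
        return "application/x-httpd-php"
    if PHPS_PATTERN.search(filename):
        return "application/x-httpd-php-source"
    return None

def risky_uploads(filenames):
    """Files that would execute under the default config but not under the fix,
    i.e. the double-extension uploads the fix is meant to neutralise."""
    return [
        f for f in filenames
        if handled_as_php_default(f)
        and handler_after_fix(f) != "application/x-httpd-php"
    ]

if __name__ == "__main__":
    for f in SAMPLE_FILENAMES:
        before = "PHP" if handled_as_php_default(f) else "-"
        print(f"{f:22} default={before:4} fixed={handler_after_fix(f)}")
    print("neutralised by fix:", risky_uploads(SAMPLE_FILENAMES))
```

Note that the anchored patterns are case-sensitive, so this model only covers lower-case extensions, as the quoted rule does.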

