[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Otto
otto at ottodestruct.com
Thu Nov 12 21:50:19 UTC 2009

On Thu, Nov 12, 2009 at 3:26 PM, Robert Pendell
<shinji at elite-systems.org> wrote:
> Ok. I'm curious here. Does this only affect configurations that use php as
> an Apache module? That's what those instructions dictate. Here is my
> configuration and it isn't affected even with MultiViews on. I am running
> php as a fastcgi binary.
>
> .htaccess:
> AddHandler fastcgi-script fcg fcgi fpl
> AddHandler php5-fastcgi .php
> Action php5-fastcgi /php5-wrapper.fcgi

I have no idea what specific configurations it is under; however, I did
find this interesting tidbit:
https://issues.apache.org/bugzilla/show_bug.cgi?id=43372
Looks like Apache has no intention of correcting this misfeature.
-Otto
Sent from Memphis, TN, United States