[wp-testers] c99shell.php and uploading php files

Lloyd D Budd lloydomattic at gmail.com
Fri Nov 3 05:23:02 GMT 2006


On 11/2/06, Rick Beckman <rick.beckman at gmail.com> wrote:
> Using 2.0.5, I have had my whole hosting account wiped out twice via a user
> being able to upload a script (commonly called c99shell.php) which is able
> to do a number of malicious things. From what I have seen online via a few
> Google searches, users are able to upload via the File Upload in the
> WordPress admin without logging in.

I do not know of a way to upload without logging in. Upload a PHP file
without appropriate privileges? Nor could I find information doing
Google searches.

If you have found a security flaw, email security at wordpress.org with
the information first.

