[wp-testers] c99shell.php and uploading php files

Jeremy Visser jeremy.visser at gmail.com
Fri Nov 3 11:51:37 GMT 2006


On Thu, 2006-11-02 at 20:03 -0500, Rick Beckman wrote:
> Nope; I never wanted to complicate things beyond the WordPress image
> uploader. Plugins in use included:
> [...] WP Slimstat [...]

I use WP-SlimStat and love it, although I know that it is _full_ of
bugs. I know that the plugin author is busy, so it hasn't been updated
in ages. I wouldn't be surprised if that were the attack vector. I know
for a fact that it is vulnerable to HTML injection via the Referer
checking.

-- 
Jeremy Visser 
Email: jeremy.visser at gmail.com GPG id: CF13C41A
Website: http://narnia.bounceme.net/jeremy/


