[wp-hackers] Security Vulnerability found - Forum Post

denis at semiologic.com denis at semiologic.com
Thu Apr 14 08:27:11 GMT 2005

Quoting Kimmo Suominen <kim at tac.nyc.ny.us>:

> Since one could still save a file (e.g. a plugin or theme component)
> that outputs the contents of wp-config.php on a web page, is checking
> for DB_PASSWORD really that useful?

i second that... moreover, you could do all sorts of workarounds like:

echo constant("D"."B"."_"."P"."A"."S"."S"."W"."O"."R"."D");

ah well... the more paranoid know better than leaving the file editor anyway.


This message was sent using IMP, the Internet Messaging Program.

More information about the wp-hackers mailing list