[wp-hackers] Exploit again!
Matthew Mullenweg
m at mullenweg.com
Wed Aug 17 09:28:04 GMT 2005
Podz wrote:
> "Just a little warning to all those now installing 1.5.2
>
> WordPress 1.5.2 does not fix the remote code execution vulnerability. It
> just renders the published exploit useless.
>
> After inserting 10 magic characters into the exploit it will still work
> against 1.5.2"
>
> http://wordpress.org/support/topic/41866?page=1#post-236420
I can happily confirm that this is NOT an issue in 1.5.2; it was fixed
as soon as he reported it, which was after my initial build but before
anyone had really downloaded it. If you were on IRC and grabbed it right
away and have register globals on and don't have mod_security, you may
want to check to see if your wp-settings.php matches [2783].
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com