[wp-hackers] Exploit again!

Matthew Mullenweg m at mullenweg.com
Wed Aug 17 09:28:04 GMT 2005

Podz wrote:
> "Just as little warning to all those now installing 1.5.2
> WordPress 1.5.2 does not fix the remote code execution vulnerability. It 
> just renders the published exploit useless.
> After inserting 10 magic characters into the exploit it will still work 
> against 1.5.2 "
> http://wordpress.org/support/topic/41866?page=1#post-236420

I can happily confirm that this is NOT an issue in 1.5.2; it was fixed 
as soon as he reported it, which was after my initial build but before 
anyone had really downloaded it. If you were on IRC and grabbed it right 
away and have register globals on and don't have mod_security, you may 
want to check to see if your wp-settings.php matches [2783].

Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://pingomatic.com | http://cnet.com
