[wp-hackers] Exploit again!

Michael D Adams mikea at turbonet.com
Wed Aug 17 22:12:03 GMT 2005

I don't know when/how things happened, but I don't think Esser's  
point can be quite so easily dismissed.  What he brings up is not  
uncompelling (... that can't be a word).

By the timestamps:
Dev blog post: Sun, 14 Aug 2005 23:17:29 +0000
Rev 2783: Mon, 15 Aug 2005 03:57:54 GMT

If the people that know say it's not an issue, that's ok by me.  But  
that view should be explained more clearly than "this happened before  
that", when it looks like the opposite is true.  (I say "looks like"  
because I suppose there could be some bad time settings out there.)


On Aug 17, 2005, at 9:35 AM, Dougal Campbell wrote:

> Podz wrote:
>> "Just a little warning to all those now installing 1.5.2
>> WordPress 1.5.2 does not fix the remote code execution
>> vulnerability. It just renders the published exploit useless.
>> After inserting 10 magic characters into the exploit it will still
>> work against 1.5.2"
> Nope. There *was* a still-vulnerable version online for a *very*  
> short time frame, but it was corrected before any announcements  
> were made.
> The WP 1.5.2 archive currently available (which has been up since  
> before the official announcement was made on the dev blog) does  
> *not* contain the vulnerability.
