[wp-hackers] Exploit, or no?
Ryan Boren
ryan at boren.nu
Tue Jun 28 22:52:31 GMT 2005
> And to Ryan/Matt, if you would like another set of eyes to review code
> for that exploit, I'll be available today and tomorrow.
We went ahead and committed for 1.5 and 1.6. Please review and test.
http://trac.wordpress.org/changeset/2667
The problem is with XMLRPC args not being escaped because they come in
through raw post data, thus avoiding magic quoting.
If you want to try it out, you can svn update from the 1.5 branch or
download the two updated files. Just drop them on top of 1.5.1.2.
http://trac.wordpress.org/file/branches/1.5/xmlrpc.php?rev=2667&format=txt
http://trac.wordpress.org/file/branches/1.5/wp-includes/functions-post.php?rev=2667&format=txt
Ryan
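To illustrate the bug class Ryan describes (XML-RPC arguments arrive through raw POST data, so magic quotes never touch them), here is an added PHP example that is not code from WordPress or from the changeset linked above. The function names are hypothetical and the request body is a constructed sample.

```php
<?php
// Added example, not WordPress code.
// magic_quotes_gpc (PHP 4/5) only escapes $_GET, $_POST and $_COOKIE. An
// XML-RPC endpoint reads its request from php://input instead, so its
// arguments reach the handler unescaped and must be escaped explicitly.

// Hypothetical helper: pull <string> params out of an XML-RPC methodCall.
function read_xmlrpc_params(string $raw_body): array {
    $doc = simplexml_load_string($raw_body);
    if ($doc === false || !isset($doc->params)) {
        return [];
    }
    $params = [];
    foreach ($doc->params->param as $p) {
        // Only <string> values are handled here; real XML-RPC has more types.
        $params[] = (string) $p->value->string;
    }
    return $params;
}

// Hypothetical helper: escape every argument exactly once, independent of
// php.ini settings. This mirrors the 2005-era addslashes() approach; with a
// modern driver, bound parameters (PDO / mysqli prepared statements) are the
// preferred fix because they avoid string interpolation altogether.
function escape_for_sql(array $params): array {
    return array_map('addslashes', $params);
}

// Constructed sample request body: a user name containing a single quote.
$raw_body = <<<XML
<?xml version="1.0"?>
<methodCall>
  <methodName>blogger.getUsersBlogs</methodName>
  <params>
    <param><value><string>appkey</string></value></param>
    <param><value><string>O'Brien</string></value></param>
  </params>
</methodCall>
XML;

// In a real handler $raw_body would be file_get_contents('php://input').
$args = read_xmlrpc_params($raw_body);
$safe = escape_for_sql($args);

// $args[1] still contains the bare quote (magic quotes never saw it);
// $safe[1] is the escaped form that is safe to place inside a quoted
// SQL literal. Compare the two to see the gap the changeset closes.
var_dump($args[1], $safe[1]);
```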