[wp-hackers] Exploit, or no?
ryan at boren.nu
Tue Jun 28 22:52:31 GMT 2005
> And to Ryan/Matt, if you would like another set of eyes to review code
> for that exploit, I'll be available today and tomorrow.
We went ahead and commited for 1.5 and 1.6. Please review and test.
The problem is with XMLRPC args not being escaped because they come in
through raw post data, thus avoiding magic quoting.
If you want to try it out, you can svn update from the 1.5 branch or
download the two updated files. Just drop them on top of 126.96.36.199.
More information about the wp-hackers