[wp-hackers] [email@example.com: Debian Wordpress package exploitable by GeSHi local PHP file inclusion?]
wp at igeek.info
Fri Sep 30 07:10:48 GMT 2005
Robert Deaton <false.hopes at gmail.com> wrote:
| This looks like a problem with Geshi, which is apparently a mod for
| WordPress that adds some sort of syntax highlighting, and is
| to WordPress itself since Geshi is vulnerable on multiple platforms.
this is indeed GeSHi's problem & those who use GeSHi as it is are
by it. My plugin iG:Syntax Hiliter isn't affected by it as the bug is in
'./contrib/example.php' file. This whole directory is not included in
ZIP and doesn't need to be present on a webserver for GeSHi to be
operational. So those who are not simply the types of "upload everything
the ZIP, no matter if you use it or not" won't possibly suffer from this
I've however sent this bug to Nigel (GeSHi developer) who'll look
into it to see whether this bug extends to the GeSHi core.
Peter Westwood <peter.westwood at ftwr.co.uk> wrote:
| GeSHi is a generic syntax highlighter as far as I could tell when this
| came up on the support forums yesterday.
| There is at least one plugin that uses it that _may_ be affected:
no, that plugin is also not affected as far as I can say as that also
include the 'contrib' directory in the plugin-package
http://igeek.info/ || http://blog.igeek.info/
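
Added example, not part of the original message and not code from GeSHi or any plugin: a shell check that lists GeSHi copies under a web root which still ship the './contrib/example.php' file named above. It assumes a GeSHi copy can be recognised by a `geshi.php` file with `contrib/` as a sibling directory; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report deployed GeSHi copies that still carry contrib/example.php.
# Assumption: a GeSHi copy is identified by a geshi.php file, with the optional
# contrib/ directory sitting next to it.

find_geshi_contrib() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Locate every geshi.php, then test for the sibling contrib/example.php.
    # A contrib/example.php with no geshi.php beside it is not reported.
    find "$root" -type f -name 'geshi.php' 2>/dev/null |
    while IFS= read -r core; do
        example="$(dirname "$core")/contrib/example.php"
        if [ -f "$example" ]; then
            printf '%s\n' "$example"
        fi
    done
    return 0
}

# Run against a web root given on the command line, e.g. the WordPress directory.
if [ "$#" -gt 0 ]; then
    find_geshi_contrib "$1"
fi
```

Each path printed is a file that does not need to be on the web server for GeSHi to work, so the whole `contrib` directory around it can be removed from the deployment.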