[wp-hackers] Rethinking check_admin_referer()

Sam Angove sam at rephrase.net
Sat Apr 22 01:33:52 GMT 2006

On 4/22/06, Owen Winkler <ringmaster at midnightcircus.com> wrote:
> I don't mind criticism, but I'm not keen on people alluding to severe
> security issues like revealing the database password without having
> something other than raw speculation to back it up.  Patch in this diff
> and test it, and when you find the vulnerability you're worried about,
> then we'll talk.

For token `md5($end . DB_PASS . $action . $uid)`, can't you do:

foreach ($dictionary as $word) {
	if (md5($known_time . $word . $known_action . $known_uid) == $known_nonce) {
		echo "omg! the db password is $word !!!1";


More information about the wp-hackers mailing list