[wp-hackers] Rethinking check_admin_referer()
Sam Angove
sam at rephrase.net
Sat Apr 22 01:33:52 GMT 2006
On 4/22/06, Owen Winkler <ringmaster at midnightcircus.com> wrote:
>
> I don't mind criticism, but I'm not keen on people alluding to severe
> security issues like revealing the database password without having
> something other than raw speculation to back it up. Patch in this diff
> and test it, and when you find the vulnerability you're worried about,
> then we'll talk.
For token `md5($end . DB_PASS . $action . $uid)`, can't you do:
foreach ($dictionary as $word) {
if (md5($known_time . $word . $known_action . $known_uid) == $known_nonce) {
echo "omg! the db password is $word !!!1";
}
}
?
More information about the wp-hackers
mailing list