[wp-hackers] RE: A quick update on the security issue I'd mentioned today

Matt Mullenweg m at mullenweg.com
Mon Apr 24 20:28:04 GMT 2006

Brian Layman wrote:
> Frankly, I'm glad I was misled on ease of cookie stealing through CSRF.  It
> is that easy through XSS, but XSS is easy to protect against too.  If CSRF
> could get cookies as it first appeared, just about anything would have been
> vulnerable.  I'd rather appear an alarmist (as I unfortunatley do right now
> - sorry) than to have that big of a hole there.  The current situation is
> not ideal, but it sure limits the vulnerable systems.   That was another
> reason why I kept the details off of the public list.  Creating a panic,
> even if this hole was as big as I initially thought it was, would have
> served no purpose.

If the attacker is able to upload and execute a file on the server, it's 
already far beyond where we could do anything on the WordPress level to 
protect that site. What you describe is a pretty clever hack once things 
are already on the server, though. Thanks for continuing to investigate 

Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com

More information about the wp-hackers mailing list