[wp-hackers] Possible vulnerability with the plugin system

Otto otto at ottodestruct.com
Thu Dec 6 21:31:41 GMT 2007

Could this still be potentially dangerous with the .. modifier?
Basically this will allow them to execute any PHP file on your server
in your context, no? Might be an issue with shared servers.


On 12/6/07, Andy Skelton <skeltoac at gmail.com> wrote:
> Super-interesting: http://www.sitepoint.com/blogs/2006/10/06/php-mapreduce/
> Clicking "This search" in that article, I found the exact code at
> issue in this Hackers thread. Fortunately the $_GET parameter is
> appended to a known path, rendering this exploit unusable.
> Cheers,
> Andy
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list