[wp-hackers] Sql injection admin hash disclosure exploit for
mark.wordpress at txfx.net
Thu Jan 11 08:04:28 GMT 2007
On Jan 10, 2007, at 6:01 AM, martin at wiso.cz wrote:
> Does anyone test it? I have to say that for some of my
> installations of WP
> it works and for other not. I did some quick fix for this specific
> exploit, but it is not ideal...
It depends on your PHP version and you need register_globals on. It
has been fixed in WordPress 2.0.7 RC1.
Covered Web Services
More information about the wp-hackers