[wp-hackers] Sql injection admin hash disclosure exploit for wp-trackback.php

Mark Jaquith mark.wordpress at txfx.net
Thu Jan 11 08:04:28 GMT 2007

On Jan 10, 2007, at 6:01 AM, martin at wiso.cz wrote:

> Does anyone test it? I have to say that for some of my  
> installations of WP
> it works and for other not. I did some quick fix for this specific
> exploit, but it is not ideal...

It depends on your PHP version and you need register_globals on.  It  
has been fixed in WordPress 2.0.7 RC1.

Info here:


Mark Jaquith

Covered Web Services

More information about the wp-hackers mailing list