[wp-hackers] Sql injection admin hash disclosure exploit for wp-trackback.php

"Roland Häder" r.haeder at will-hier-weg.de
Thu Jan 11 08:13:37 GMT 2007

I suppose "register_globals on" *is* the security hole? ;) If your application requires register_globals turned on, then please rewrite by your own (if allowed by the included license) or search for an alternative. "register_globals on" is bad (in combination with other PHP options a nightmare).

> It depends on your PHP version and you need register_globals on.  It  
> has been fixed in WordPress 2.0.7 RC1.
> Info here:
> http://comox.textdrive.com/pipermail/wp-testers/2007-January/003644.html

Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

More information about the wp-hackers mailing list