[wp-hackers] Sql injection admin hash disclosure exploit for wp-trackback.php
"Roland Häder"
r.haeder at will-hier-weg.de
Thu Jan 11 08:13:37 GMT 2007
I suppose "register_globals on" *is* the security hole? ;) If your application requires register_globals turned on, then please rewrite it on your own (if allowed by the included license) or search for an alternative. "register_globals on" is bad (in combination with other PHP options, a nightmare).
Roland
>
> It depends on your PHP version and you need register_globals on. It
> has been fixed in WordPress 2.0.7 RC1.
>
> Info here:
>
> http://comox.textdrive.com/pipermail/wp-testers/2007-January/003644.html