[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

[Thomas Scholz]

Otto:

> This seems like an Apache configuration problem to me. There are no
> circumstances I can think of where I'd want test.php.jpg to be
> executed as PHP by Apache.

This is a result of

	Options +MultiViews

in the .htaccess. A useful setting for Content-Negotiation or references  
to files without any suffix.

It is a very common setting too, so this bug should be fixed in the WP  
core.

Thomas

-- 
Redaktion, Druck- und Webdesign
http://toscho.de · 0160/1764727
Twitter: @toscho