[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Otto
otto at ottodestruct.com
Thu Nov 12 17:02:55 UTC 2009
I just confirmed on my friend's vulnerable host that this code in the
.htaccess removed the vulnerability.
RemoveHandler application/x-httpd-php .php
<FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
-Otto
Sent from Memphis, TN, United States
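
The following is an added example, not part of Otto's message: a Python check that reports which handler the two FilesMatch patterns above assign to a file name, and flags names that carry a PHP extension in a non-final position, which a per-extension mapping such as mod_mime's AddHandler can also treat as PHP. The function names and the sample file names are constructed for illustration.

```python
import re

# The two FilesMatch patterns from the posted .htaccess, in order.
# Apache runs them as unanchored regex searches against the file name.
RULES = [
    (re.compile(r"\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$"),
     "application/x-httpd-php"),
    (re.compile(r"\.phps$"), "application/x-httpd-php-source"),
]

# Extensions named by the first pattern, used for the position check.
PHP_EXTS = {"php", "php5", "php4", "php3", "phtml", "phpt"}


def handler_for(name):
    """Handler the posted FilesMatch blocks assign, or None if neither matches."""
    result = None
    for pattern, handler in RULES:
        if pattern.search(name):
            result = handler  # a later matching section overrides an earlier one
    return result


def inner_php_ext(name):
    """True if a PHP extension is present but is not the last extension."""
    parts = name.lower().split(".")[1:]
    return any(p in PHP_EXTS for p in parts[:-1])


def audit(names):
    """Return (name, handler, flagged) rows for a list of file names."""
    return [(n, handler_for(n), inner_php_ext(n)) for n in names]


# Constructed sample names, e.g. the listing of an uploads directory.
SAMPLE = ["index.php", "photo.jpg", "photo.php.jpg", "view.phps", "notes.php.txt"]

if __name__ == "__main__":
    for name, handler, flagged in audit(SAMPLE):
        note = "  <- PHP extension not in final position" if flagged else ""
        print(f"{name:16} {handler or '-'}{note}")
```
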