[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Otto otto at ottodestruct.com
Thu Nov 12 17:02:55 UTC 2009

I just confirmed on my friend's vulnerable host that this code in the
.htaccess removed the vulnerability.

RemoveHandler application/x-httpd-php .php
<FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
   SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
   SetHandler application/x-httpd-php-source
</FilesMatch>

Sent from Memphis, TN, United States
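
Added example, not part of the original message or of WordPress: a small Python model of what the .htaccess above changes, for auditing an uploads directory listing. It assumes the host previously mapped PHP through an extension-based handler (mod_mime considers every dot-separated extension in a name), whereas the FilesMatch patterns only match at the end of the name; the function names and the sample listing are constructed for illustration.

```python
import re

# Extensions and pattern taken from the .htaccess in the message above.
PHP_EXTS = {"php", "php5", "php4", "php3", "phtml", "phpt"}
FILESMATCH = re.compile(r"\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$")


def extension_mapped(name, exts=PHP_EXTS):
    """Model of an extension-based handler mapping (AddHandler style).

    mod_mime looks at every dot-separated extension after the base name,
    case-insensitively. Simplifying assumption: no other extension in the
    name carries a handler of its own.
    """
    parts = name.lower().split(".")[1:]
    return any(part in exts for part in parts)


def filesmatch_mapped(name):
    """The FilesMatch patterns are anchored with $, so only the final
    extension of the filename can select the PHP handler."""
    return FILESMATCH.search(name) is not None


def audit(names):
    """Return names that an extension-based mapping would hand to PHP
    but that the FilesMatch configuration would not."""
    return [n for n in names if extension_mapped(n) and not filesmatch_mapped(n)]


# Constructed sample listing of an uploads directory.
SAMPLE = [
    "photo.jpg",
    "index.php",
    "avatar.php.jpg",
    "notes.phtml.txt",
    "archive.tar.gz",
    "theme.php5",
    "readme.phps",
]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("handled as PHP only under extension mapping:", name)
```

Names returned by `audit` are the ones worth reviewing in an existing uploads directory before and after the configuration change.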
