[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Pete Mall pete at jointforcestech.com
Thu Nov 12 21:53:27 UTC 2009


they are not gonna fix it anytime soon... it's being used a lot for
legitimate purposes



On Thu, Nov 12, 2009 at 1:50 PM, Otto <otto at ottodestruct.com> wrote:

> On Thu, Nov 12, 2009 at 3:26 PM, Robert Pendell
> <shinji at elite-systems.org> wrote:
> > Ok.  I'm curious here.  Does this only affect configurations that use php as
> > an Apache module?  That's what those instructions dictate.  Here is my
> > configuration and it isn't affected even with MultiViews on.  I am running
> > php as a fastcgi binary.
> >
> > .htaccess:
> > AddHandler fastcgi-script fcg fcgi fpl
> > AddHandler php5-fastcgi .php
> > Action php5-fastcgi /php5-wrapper.fcgi
>
> I have no idea what specific configurations it is under, however I did
> find this interesting tidbit:
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=43372
>
> Looks like Apache has no intention of correcting this misfeature.
>
> -Otto
> Sent from Memphis, TN, United States

