[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Otto otto at ottodestruct.com
Thu Nov 12 22:17:47 UTC 2009


On Thu, Nov 12, 2009 at 4:12 PM, Eric Marden <wp at xentek.net> wrote:
> Sounds like it would make a good plugin ;)

Can't be a plugin. The .php.jpg executing problem is in Apache,
bypassing WordPress entirely. All WP does is provide a path to upload
the file.


-Otto


More information about the wp-hackers mailing list