[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Ken Newman Ken at adcSTUDIO.com
Thu Nov 12 22:26:07 UTC 2009


Perhaps he meant that the plugin would change that .htaccess setting or 
add the one you suggested:

RemoveHandler application/x-httpd-php .php
<FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
   SetHandler application/x-httpd-php-source
</FilesMatch>

On 11/12/2009 5:17 PM, Otto wrote:
> On Thu, Nov 12, 2009 at 4:12 PM, Eric Marden<wp at xentek.net>  wrote:
>    
>> Sounds like it would make a good plugin ;)
>>      
> Can't be a plugin. The .php.jpg executing problem is in Apache,
> bypassing WordPress entirely. All WP does is provide a path to upload
> the file.
>
>
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>    



More information about the wp-hackers mailing list