[wp-trac] [WordPress Trac] #9750: setup-config.php is tainted by
request data
WordPress Trac
wp-trac at lists.automattic.com
Thu May 7 12:00:59 GMT 2009
#9750: setup-config.php is tainted by request data
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: Security | Version: 2.8
Severity: normal | Keywords: has-patch 2nd-opinion
--------------------------+-------------------------------------------------
just stumbeled over it and think this should be prevented: setup-
config.php uses relative include pathes. those can be manipulated by
adding an additional slash after .php in the requests URL:
Example: http://example.com/wp-admin/setup-config.php/?step=1
relative file pathes should be based on ABSPATH which is defined there as
well.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9750>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list