[wp-hackers] Rethinking check_admin_referer()
Peter Westwood
peter.westwood at ftwr.co.uk
Tue Apr 18 21:06:05 GMT 2006
Andy Skelton wrote:
> On 4/18/06, David House <dmhouse at gmail.com> wrote:
>> How about this:
>>
>> 1) Admin writes a post.
>> 2) Malicious user leaves a comment with an "image", whose source
>> redirects to http://yoursite.com/wp-admin/post.php?action=delete&post=123
>> 3) Admin logs in
>> 4) Manage -> Comments
>> 5) Post is deleted.
>>
>> No need to be able to create drafts.
>
> POST method would fix this. Somebody remind me why we are using GET.
>
Indeed it would.
Maybe this is something that needs working on for a 2.0.3 release?!?
westi
- --
Peter Westwood
http://blog.ftwr.co.uk
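The scenario in the thread is a cross-site request forgery: the admin's browser fetches a hotlinked "image" whose URL resolves to a GET admin action, and the admin's own cookies authenticate the deletion. The example below is an added illustration, not WordPress code and not code from anyone in the thread. It models a tiny post.php-style handler twice: the before version, which performs the deletion on any authenticated GET, and a hardened version that requires POST and a nonce tied to the user and the specific action (the role check_admin_referer() plays). The secret key, the `nonce` parameter name, the request dictionaries and the timestamps are all constructed for the example.

```python
import hmac
import hashlib
import time

# Constructed server-side secret; a real deployment would load this from config.
SECRET_KEY = b"constructed-example-secret-key"
NONCE_LIFETIME = 12 * 3600  # seconds per nonce "tick"


def create_nonce(user_id, action, now=None):
    """Return a token bound to the current tick, the action and the user."""
    now = int(time.time() if now is None else now)
    tick = now // NONCE_LIFETIME
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce, user_id, action, now=None):
    """Accept the current tick or the previous one, so a page loaded shortly
    before the tick rolled over still submits successfully; anything older
    is rejected."""
    now = int(time.time() if now is None else now)
    for when in (now, now - NONCE_LIFETIME):
        expected = create_nonce(user_id, action, when)
        if hmac.compare_digest(expected, nonce):
            return True
    return False


def handle_delete_vulnerable(request, user_id):
    """Before: any authenticated GET with action=delete removes the post.
    A hotlinked image that redirects here is enough to trigger it."""
    params = request["params"]
    if params.get("action") == "delete" and params.get("post"):
        return f"deleted {params['post']}"
    return "ignored"


def handle_delete_hardened(request, user_id, now=None):
    """After: the state change needs POST *and* a nonce for this user and
    this post. An <img> fetch can never satisfy either condition, and a
    forged cross-site POST still lacks the nonce."""
    if request["method"] != "POST":
        return "rejected: state change must use POST"
    params = request["params"]
    post_id = params.get("post")
    if not post_id:
        return "ignored"
    if not verify_nonce(params.get("nonce", ""), user_id,
                        f"delete-post_{post_id}", now):
        return "rejected: missing or invalid nonce"
    return f"deleted {post_id}"


def run_demo(now=1_000_000):
    """Replay the thread's scenario against both handlers."""
    admin = "admin"
    # Constructed: what the browser sends when it loads the attacker's "image".
    image_fetch = {"method": "GET",
                   "params": {"action": "delete", "post": "123"}}
    # Constructed: the admin's own delete form, carrying a fresh nonce.
    legit = {"method": "POST",
             "params": {"action": "delete", "post": "123",
                        "nonce": create_nonce(admin, "delete-post_123", now)}}
    # Constructed: a cross-site POST that guessed the parameters but has no nonce.
    forged_post = {"method": "POST",
                   "params": {"action": "delete", "post": "123"}}
    return {
        "vulnerable_image_fetch": handle_delete_vulnerable(image_fetch, admin),
        "hardened_image_fetch": handle_delete_hardened(image_fetch, admin, now),
        "hardened_forged_post": handle_delete_hardened(forged_post, admin, now),
        "hardened_legit": handle_delete_hardened(legit, admin, now),
        # Same nonce replayed long after it was issued.
        "hardened_stale": handle_delete_hardened(legit, admin,
                                                 now + 3 * NONCE_LIFETIME),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Switching to POST on its own closes the image-tag vector but not a hidden auto-submitting form on an attacker page, which is why the hardened handler checks both the method and the nonce; the nonce is what actually binds the request to a page the admin loaded.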