[wp-hackers] RE: A quick update on the security issue I'd
mentioned today
Matt Mullenweg
m at mullenweg.com
Mon Apr 24 20:28:04 GMT 2006
Brian Layman wrote:
> Frankly, I'm glad I was misled on ease of cookie stealing through CSRF. It
> is that easy through XSS, but XSS is easy to protect against too. If CSRF
> could get cookies as it first appeared, just about anything would have been
> vulnerable. I'd rather appear an alarmist (as I unfortunatley do right now
> - sorry) than to have that big of a hole there. The current situation is
> not ideal, but it sure limits the vulnerable systems. That was another
> reason why I kept the details off of the public list. Creating a panic,
> even if this hole was as big as I initially thought it was, would have
> served no purpose.
If the attacker is able to upload and execute a file on the server, it's
already far beyond where we could do anything on the WordPress level to
protect that site. What you describe is a pretty clever hack once things
are already on the server, though. Thanks for continuing to investigate
this.
--
Matt Mullenweg
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
More information about the wp-hackers
mailing list