[wp-hackers] Security: Oracle and WordPress
Doug Stewart
dstewart at atl.lmco.com
Thu Jun 22 19:08:14 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Roy Schestowitz wrote:
> The following has just cropped up in the Topix Computer Science feed (6
> hours ago). I thought I'd share it, just in case it needs to be addressed.
>
> Oracle attack on Wordpress
>
> ,----[ Quote ]
> | This post describes the second of two vulnerabilities I found in
> | Wordpress. The first, a XSS vulnerability, was described last week. While
> | the vulnerability discussed here is applicable in fewer cases than the
> | previous one, it is an example of a comparatively rare class, oracle
> | attacks, so I think merits further exposition.
> `----
>
> http://www.lightbluetouchpaper.org/2006/06/22/oracle-attack-on-wordpress/
AFAICS, that vulnerability isn't a WordPress one, but rather a flaw in
Mark's Subscribe to Comments.
- --
- ----------
Doug Stewart
Senior Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs
dstewart at atl.lmco.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEmuqeN50Q8DVvcvkRAvNMAJ0QIIHqPkN0BK19YzTpbuRpk/tTwACfXEAI
TXNM29B/DkieVgi6EYakazA=
=7gc5
-----END PGP SIGNATURE-----
More information about the wp-hackers
mailing list