[wp-hackers] Sql injection admin hash disclosure exploit for
wp-trackback.php
Mark Jaquith
mark.wordpress at txfx.net
Thu Jan 11 08:04:28 GMT 2007
On Jan 10, 2007, at 6:01 AM, martin at wiso.cz wrote:
> Does anyone test it? I have to say that for some of my
> installations of WP
> it works and for other not. I did some quick fix for this specific
> exploit, but it is not ideal...
It depends on your PHP version and you need register_globals on. It
has been fixed in WordPress 2.0.7 RC1.
Info here:
http://comox.textdrive.com/pipermail/wp-testers/2007-January/003644.html
--
Mark Jaquith
http://markjaquith.com/
Covered Web Services
http://covered.be/
More information about the wp-hackers
mailing list