[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Ken Newman
Ken at adcSTUDIO.com
Thu Nov 12 22:26:07 UTC 2009
Perhaps he meant that the plugin would change that .htaccess setting or
add the one you suggested:
RemoveHandler application/x-httpd-php .php
<FilesMatch "\.php$|\.php5$|\.php4$|\.php3$|\.phtml$|\.phpt$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
On 11/12/2009 5:17 PM, Otto wrote:
> On Thu, Nov 12, 2009 at 4:12 PM, Eric Marden<wp at xentek.net> wrote:
>
>> Sounds like it would make a good plugin ;)
>>
> Can't be a plugin. The .php.jpg executing problem is in Apache,
> bypassing WordPress entirely. All WP does is provide a path to upload
> the file.
>
>
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list