[wp-trac] [WordPress Trac] #11717: Access to automatic database repair/optimize with admin rights
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 5 21:35:07 UTC 2010
#11717: Access to automatic database repair/optimize with admin rights
-------------------------+--------------------------------------------------
Reporter: neoxx | Owner: ryan
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Database | Version: 2.9.1
Severity: normal | Keywords: repair, db, has-patch
-------------------------+--------------------------------------------------
Comment(by dd32):
> Moreover, I don't think that a crashed users table will return a working
> user's object which holds an admin status, but this would definitely be an
> interesting attacking scenario. ;)
I was thinking of:
* users table crashes
* User visits repair page
* User doesn't have constant defined
* File then checks for current_user_can()
* Database error occurs
* ???
* Database error message is shown and that's that? - i.e. no "Please define this constant. blahblah"
* current_user_can returns false and the "please define this constant blahblah" IS shown.
Not too sure how to simulate a crashed table myself..
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11717#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software