[wp-hackers] [Fwd: Re: Wordpress 1.2.2 is still vulnerable]
Kitty
kitty at mookitty.co.uk
Wed Dec 22 03:10:36 UTC 2004
Was this brought up with the devs before hitting Bugtraq?
-----Forwarded Message-----
From: Thomas Waldegger <bugtraq at morph3us.org>
To: bugtraq at securityfocus.com
Subject: Re: Wordpress 1.2.2 is still vulnerable
Date: Tue, 21 Dec 2004 21:56:51 +0000
In-Reply-To: <20041216062119.9218.qmail at www.securityfocus.com>
Sry, but it's getting ridiculous.
The new releases of wordpress - 1.2.2 stable and
1.3-alpha-5 unstable - are still vulnerable for
some bugs I mentioned in my last message.
XSS:
/wp-login.php?action=login&redirect_to=[XSS]
/wp-admin/templates.php?file=[XSS]
/wp-admin/post.php?content=[XSS]
SQL Errors:
/index.php?m=bla
/wp-admin/edit.php?m=bla
PHP-Warnings:
/wp.php?author=bla
/wp-commentsrss2.php?p=999999
/wp-admin/options.php?option_group_id=1888
/wp-admin/post.php?action=edit&post=2890000000000
--
Cheers, Blog: http://blog.mookitty.co.uk
Kitty PC Repair: http://www.girltech.net
WP Plugins: http://mookitty.co.uk/devblog
Support proactive security: http://www.openbsd.org/orders.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : /pipermail/hackers_wordpress.org/attachments/20041221/2e65011a/attachment.bin
More information about the hackers
mailing list