[wp-hackers] Wordpress 1.2.2 XSS Vulnerabilities
Randy Peterman
randy at randypeterman.com
Fri Feb 4 16:35:26 GMT 2005

PHP-Warnings:
/wp.php?author=bla
/wp-commentsrss2.php?p=999999
/wp-admin/options.php?option_group_id=1888
/wp-admin/post.php?action=edit&post=2890000000000
All of these do produce PHP Errors.

Not being a high 'Grand Poobah'* in the whole chain I can't be quoted as
authoritative. However, I think that the priority is that WP be
self-consistent so that it doesn't generate those links unless users bork**
something themselves.

I don't think that everything that isn't handled should be ignored, but
I also think that it needs to be a lower priority compared to other
things like implementing smarter, faster code that may make fixing the
other bugs simpler. It will most likely be addressed, but it's not a
high priority compared to some other issues and features.

Regards,
Randy Peterman
Digital Research & Development
www.randypeterman.com
randy at randypeterman.com
* Grand Poobah should be a Flintstones reference if memory serves me.
** Bork may or may not be a Swedish Chef reference from Jim Henson's
Muppets.