[wp-hackers] Exploit again!
Michael D Adams
mikea at turbonet.com
Wed Aug 17 22:12:03 GMT 2005
I don't know when/how things happened, but I don't think Esser's
point can be quite so easily dismissed. What he brings up is not
uncompelling (... that can't be a word).
By the timestamps:
Dev blog post: Sun, 14 Aug 2005 23:17:29 +0000
Rev 2783: Mon, 15 Aug 2005 03:57:54 GMT
If the people that know say it's not an issue, that's ok by me. But
that view should be explained more clearly than "this happened before
that", when it looks like the opposite is true. (I say "looks like"
because I suppose there could be some bad time settings out there.)
Michael
--mdawaffe
On Aug 17, 2005, at 9:35 AM, Dougal Campbell wrote:
> Podz wrote:
>
>> "Just as little warning to all those now installing 1.5.2
>> WordPress 1.5.2 does not fix the remote code execution
>> vulnerability. It just renders the published exploit useless.
>> After inserting 10 magic characters into the exploit it will still
>> work against 1.5.2 "
>
> Nope. There *was* a still-vulnerable version online for a *very*
> short time frame, but it was corrected before any announcements
> were made.
>
> The WP 1.5.2 archive currently available (which has been up since
> before the official announcement was made on the dev blog) does
> *not* contain the vulnerability.