[wp-hackers] Rethinking check_admin_referer()

Robert Deaton false.hopes at gmail.com
Wed Apr 19 17:29:41 GMT 2006


On 4/19/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> Sam Angove wrote:
>
> > Well, it's the same with doors and locks: the chance that someone will
> > exploit my unlocked door is infinitesimal.
>
> Only because no one's yet built a robot to quickly scan all doors in the
> neighborhood to see which are unlocked. The problem's quite a bit more
> serious for WordPress. :-(

A robot to scan your local WordPress neighborhood isn't quite so
possible either, because the particular vulnerability we're trying to
protect against has a certain prerequisite: you must somehow convince
a human to click a link or visit a page. Infection isn't automated,
and so, as Matt said, this is an edge case.

--
--Robert Deaton
http://somethingunpredictable.com

