[wp-hackers] Security: Oracle and WordPress
David Chait
davebytes at comcast.net
Thu Jun 22 19:10:44 GMT 2006
I believe it requires the wp caching be enabled (which is now off by default
if I recall correctly, and frankly it should be ripped out, only ever put
back in by a knowledgeable sysadmin!), plus a specific comment-subscription
plugin.
That said, it's a good read on hash vulnerabilities, and the problems of
multiple 'people' using the same hashes opening up potential security holes.
Thus always add something unique to your hash. ;)
-d
----- Original Message -----
From: "Roy Schestowitz" <r at schestowitz.com>
To: "WP-Hackers" <wp-hackers at lists.automattic.com>
Sent: Thursday, June 22, 2006 2:27 PM
Subject: [wp-hackers] Security: Oracle and WordPress
| The following has just cropped up in the Topix Computer Science feed (6
| hours ago). I thought I'd share it, just in case it needs to be addressed.
|
| Oracle attack on Wordpress
|
| ,----[ Quote ]
|| This post describes the second of two vulnerabilities I found in
|| Wordpress. The first, a XSS vulnerability, was described last week. While
|| the vulnerability discussed here is applicable in fewer cases than the
|| previous one, it is an example of a comparatively rare class, oracle
|| attacks, so I think merits further exposition.
| `----
|
| http://www.lightbluetouchpaper.org/2006/06/22/oracle-attack-on-wordpress/
| _______________________________________________
| wp-hackers mailing list
| wp-hackers at lists.automattic.com
| http://lists.automattic.com/mailman/listinfo/wp-hackers
|
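Added example (not part of the original message, and not WordPress or plugin code): a sketch of the "add something unique to your hash" advice above, showing two features that share a bare hash beside a keyed, purpose-labelled version. The feature names, key, labels and inputs are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; nothing here comes from WordPress or the linked post.
SITE_KEY = b"constructed-demo-key"
LOGIN = "login-cookie"            # hypothetical purpose labels
SUBSCRIBE = "comment-subscription"


def bare_hash(value: str) -> str:
    """Weak pattern: every feature shares the same unkeyed hash."""
    return hashlib.md5(value.encode()).hexdigest()


def weak_login_token(stored_value: str) -> str:
    return bare_hash(stored_value)


def weak_subscription_key(address: str) -> str:
    return bare_hash(address)


def tagged_mac(purpose: str, value: str) -> str:
    """Hardened pattern: keyed hash with a per-feature label mixed in."""
    msg = purpose.encode() + b"\x00" + value.encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()


def verify(purpose: str, value: str, token: str) -> bool:
    return hmac.compare_digest(tagged_mac(purpose, value), token)


def weak_tokens_interchangeable(value: str) -> bool:
    # Same input, same hash: one feature's output is valid for the other.
    return weak_subscription_key(value) == weak_login_token(value)


def tagged_tokens_interchangeable(value: str) -> bool:
    # A token issued for one purpose must fail verification under another.
    return verify(LOGIN, value, tagged_mac(SUBSCRIBE, value))


if __name__ == "__main__":
    sample = "constructed-input"
    print("bare hash reusable across features:", weak_tokens_interchangeable(sample))
    print("tagged MAC reusable across features:", tagged_tokens_interchangeable(sample))
```

The purpose labels are fixed constants that contain no NUL byte, so the `purpose + NUL + value` encoding cannot be made to collide across features.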