[wp-hackers] Security: Oracle and WordPress

Doug Stewart dstewart at atl.lmco.com
Thu Jun 22 19:08:14 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roy Schestowitz wrote:
> The following has just cropped up in the Topix Computer Science feed (6
> hours ago). I thought I'd share it, just in case it needs to be addressed.
> 
> Oracle attack on Wordpress
> 
> ,----[ Quote ]
> | This post describes the second of two vulnerabilities I found in
> | Wordpress. The first, a XSS vulnerability, was described last week. While
> | the vulnerability discussed here is applicable in fewer cases than the
> | previous one, it is an example of a comparatively rare class, oracle
> | attacks, so I think merits further exposition.
> `----
> 
> http://www.lightbluetouchpaper.org/2006/06/22/oracle-attack-on-wordpress/

AFAICS, that vulnerability isn't a WordPress one, but rather a flaw in
Mark's Subscribe to Comments.

- --
- ----------
Doug Stewart
Senior Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs
dstewart at atl.lmco.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEmuqeN50Q8DVvcvkRAvNMAJ0QIIHqPkN0BK19YzTpbuRpk/tTwACfXEAI
TXNM29B/DkieVgi6EYakazA=
=7gc5
-----END PGP SIGNATURE-----


More information about the wp-hackers mailing list