[wp-hackers] Maybe a secure-hole
Frank Bueltge
frank at bueltge.de
Thu Oct 9 06:55:04 GMT 2008
When you include a link to the authro and activate the permalink, then
you became a link to the login-name of the author.
This is a secure-hole. Hackers use this login-namer and searc h for
the password.
examble:
<a href="http://localhost/wpbeta/author/admin/" title="Posts by Frank
Bueltge">Frank Bueltge</a>
Link to:
http://localhost/wpbeta/author/admin/
admin is the login-name and the author had set the name in the Blog on
your namen and surename.
maybe it is possible to cahnge this in 2.7?
* Sorry for my bad english, i hope your understand me.
Best wishes
More information about the wp-hackers
mailing list