[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
dave at technicacreative.co.uk
Thu Nov 12 16:25:02 UTC 2009
I'm slightly confused since I thought the exploit allowed arbitrary
execution of PHP on the server. This is much worse than a XSS
execute a DDOS attack, delete your public_html directory from the
server or whatever.
i have no doubt that fixing this exploit is a good thing, however I
feel it slightly misses the point. That said, I have been unable to
replicate this exploit in the wild, even with Options +MultiVIews.
This is clearly and Apache/mis-configuration issue and if fixed in WP
will remain unfixed in countless other web applications. It would be
far better to ensure your host correctly configures Apache and doesn't
leave security holes in the server, or move to a host that does!
On 12 Nov 2009, at 16:18, Jacob Santos wrote:
> Okay, good news, we've fixed the extension exploit and then will
> have to wait another 6 to 8 months while another XSS attack shows up
> (which isn't completely bad since most / all administrative tasks
> requires a nonce).
More information about the wp-hackers