[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable:
User can spy out metadata of other users
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 18 18:30:39 GMT 2006
#3142: user_edit.php vulnerable: User can spy out metadata of other users
-------------------------------+--------------------------------------------
Reporter: adapter | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.1
Component: Administration | Version: 2.0.4
Severity: major | Resolution:
Keywords: bug vulnerability |
-------------------------------+--------------------------------------------
Comment (by adapter):
That could be another bug.
The whole story: user-edit didn't work on my wordpress-blog www.poplog.de.
I tried to edit users other than mine, but I always got the edit form for my
user though I'm the admin. I checked the code of user-edit.php and saw that
there are two variables in use:
$user_id (ID of the user to edit)
and
$user_ID (ID of the user logged in = in this case: admin-ID = 1)
The values of both were 1 irrespective of the value of user_id in the query
string.
Maybe the configuration of PHP is the reason for this. PHP on this server
doesn't work case-sensitively. Therefore I found the bug described above.
--
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
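The check user-edit.php needs is that a logged-in user may only load their own profile unless they hold a capability allowing them to edit other users. The PHP below is an added example, not code from WordPress or from the ticket; it uses the names $viewer_id and $target_id in place of the post's $user_ID and $user_id so the two cannot be confused, and assumes the caller passes in a boolean standing in for current_user_can('edit_users').

```php
<?php
// Added example, not WordPress code. $viewer_id plays the role of the
// post's $user_ID (logged-in user); $target_id that of $user_id (user
// named in the query string). $can_edit_users is assumed to come from
// current_user_can('edit_users') in a real WordPress request.

/**
 * Decide which user record the viewer may load, or return null if the
 * request must be refused. The decision depends only on the viewer's
 * identity and capability, never on whether the two IDs happen to coincide.
 */
function resolve_edit_target(int $viewer_id, $requested, bool $can_edit_users): ?int
{
    // No user_id in the query string: fall back to the viewer's own profile.
    if ($requested === null || $requested === '') {
        return $viewer_id;
    }
    // Accept only a positive decimal integer; reject anything else outright.
    if (!ctype_digit((string) $requested) || (int) $requested <= 0) {
        return null;
    }
    $target_id = (int) $requested;
    // Everyone may edit their own profile.
    if ($target_id === $viewer_id) {
        return $target_id;
    }
    // Any other user's profile (and its metadata) requires edit_users.
    return $can_edit_users ? $target_id : null;
}

// Constructed requests: an admin (ID 1, holds edit_users) and a subscriber
// (ID 5, does not) each ask for other users via the user_id query parameter.
var_dump(resolve_edit_target(1, '7', true));    // admin asking for user 7
var_dump(resolve_edit_target(5, '7', false));   // subscriber asking for user 7
var_dump(resolve_edit_target(5, '5', false));   // subscriber asking for themself
var_dump(resolve_edit_target(5, null, false));  // subscriber with no user_id given
var_dump(resolve_edit_target(5, '7abc', true)); // malformed user_id value
```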