[wp-trac] Re: [WordPress Trac] #5487: query.php mistakenly uses is_admin() to check for admin privileges

WordPress Trac wp-trac at lists.automattic.com
Sun Dec 23 06:53:47 GMT 2007


#5487: query.php mistakenly uses is_admin() to check for admin privileges
---------------------------------------------------+------------------------
 Reporter:  pishmishy                              |        Owner:  pishmishy
     Type:  defect                                 |       Status:  closed   
 Priority:  high                                   |    Milestone:  2.3.2    
Component:  Security                               |      Version:  2.3.1    
 Severity:  major                                  |   Resolution:  fixed    
 Keywords:  query is_admin has-patch dev-feedback  |  
---------------------------------------------------+------------------------
Old description:

> 1. Create a draft post
> 2. Log out
> 3. Visit http://yourblog.com/index.php/wp-admin/
>  - is_admin() spots the wp-admin in the request and returns true
>  - query.php uses is_admin() to decide to return future, draft or pending
> posts
> 4. Future, draft and pending posts are displayed.
>
> This doesn't require the ' in the request string as reported on Bugtraq.
>
> See http://www.securityfocus.com/archive/1/485252/30/0/threaded

New description:

 1. Create a draft post
 2. Log out
 3. Visit http://yourblog.com/index.php/wp-admin/
  - is_admin() spots the wp-admin in the request and returns true
  - query.php uses is_admin() to decide to return future, draft or pending
 posts
 4. Future, draft and pending posts are displayed.

 This doesn't require the ' in the request string as reported on Bugtraq.

 See http://www.securityfocus.com/archive/1/485252/30/0/threaded

 12/22 additional disclosure, with trivial, popular example:
 http://www.blackhatdomainer.com/how-to-know-today-what-shoemoney-is-going-to-post-tomorrow/

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5487#comment:14>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
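The defect in the ticket is a location check being used as a privilege check: is_admin() answered "does the request look like it is for wp-admin", and query.php treated that as "may this visitor see unpublished posts". The following is an added illustration, not code from the ticket or from WordPress itself: is_admin_stub() and current_user_can_stub() are simplified stand-ins (assumptions for this example) for the real WordPress functions so the file runs outside WordPress, and statuses_vulnerable()/statuses_hardened() are hypothetical helpers showing the two ways of deciding which post statuses a query may return.

```php
<?php
// Added example (not WordPress code): the pattern reported in #5487 beside a
// privilege-based decision. Run with: php example.php

// Stand-in for WordPress 2.3.1's is_admin(): derived from the request path,
// so any visitor could make it return true by putting "wp-admin" in the URL.
function is_admin_stub(string $request_uri): bool {
    return strpos($request_uri, 'wp-admin') !== false;
}

// Stand-in for current_user_can(): tied to the authenticated user, not the
// URL. $user is null when nobody is logged in.
function current_user_can_stub(?array $user, string $cap): bool {
    return $user !== null && in_array($cap, $user['caps'], true);
}

// Vulnerable decision: unpublished statuses are included whenever the URL
// looks like an admin request. This is the behaviour the ticket describes.
function statuses_vulnerable(string $request_uri): array {
    $statuses = ['publish'];
    if (is_admin_stub($request_uri)) {
        $statuses = array_merge($statuses, ['future', 'draft', 'pending']);
    }
    return $statuses;
}

// Hardened decision: unpublished statuses only for a user holding a
// capability that permits seeing them, regardless of the request path.
function statuses_hardened(?array $user): array {
    $statuses = ['publish'];
    if (current_user_can_stub($user, 'edit_posts')) {
        $statuses = array_merge($statuses, ['future', 'draft', 'pending']);
    }
    return $statuses;
}

// Constructed scenario from the report: logged out, URL contains wp-admin.
$logged_out = null;
$uri = '/index.php/wp-admin/';

echo 'vulnerable, anonymous: ' . implode(',', statuses_vulnerable($uri)) . "\n";
echo 'hardened, anonymous:   ' . implode(',', statuses_hardened($logged_out)) . "\n";

// Constructed logged-in user with edit_posts; the hardened check admits them.
$editor = ['caps' => ['edit_posts']];
echo 'hardened, editor:      ' . implode(',', statuses_hardened($editor)) . "\n";
```

In the logged-out case the vulnerable function returns all four statuses while the hardened one returns only publish; the editor case shows the hardened check still serving drafts to someone entitled to them. The general point for reviewing similar code is that anything computed from the request (path, query string, headers) is attacker-controlled and must never stand in for an authorization decision.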