[wp-trac] Re: [WordPress Trac] #4627: Link manager exploit?

WordPress Trac wp-trac at lists.automattic.com
Fri Jul 20 16:38:20 GMT 2007


#4627: Link manager exploit?
----------------------+-----------------------------------------------------
 Reporter:  cbdilger  |        Owner:  anonymous   
     Type:  defect    |       Status:  new         
 Priority:  normal    |    Milestone:  2.4 (future)
Component:  Security  |      Version:  2.2         
 Severity:  normal    |   Resolution:              
 Keywords:            |  
----------------------+-----------------------------------------------------
Comment (by cbdilger):

 Replying to [comment:1 JeremyVisser]:
 > Can you {{{grep}}} your access logs for {{{link-add.php}}}? Might reveal
 something.

 Only three instances::

 access.log.2007-07-06.gz:87.126.31.177 - - [06/Jul/2007:05:24:49 -0700]
 "GET /cbd/wp-admin/link-add.php HTTP/1.0" 200 12447 "-" "Opera/9.01
 (Windows NT 5.0; U; en)"
 access.log.2007-07-12.gz:87.126.31.177 - - [12/Jul/2007:06:56:22 -0700]
 "GET /cbd/wp-admin/link-add.php HTTP/1.0" 200 12447 "-" "Opera/9.01
 (Windows NT 5.0; U; en)"
 access.log.2007-07-12.gz:87.126.31.177 - - [12/Jul/2007:06:56:24 -0700]
 "POST /cbd/wp-admin/link.php HTTP/1.0" 200 0 "http://wrecking.org/cbd/wp-
 admin/link-add.php" "Opera/9.01 (Windows NT 5.0; U; en)"

 > Oh, and upgrade to 2.2.1. 2.2 has known security flaws.

 Will do.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4627#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list