[wp-trac] Re: [WordPress Trac] #4344: Posting comments from external websites
WordPress Trac
wp-trac at lists.automattic.com
Sun May 27 14:47:28 GMT 2007
#4344: Posting comments from external websites
-----------------------+----------------------------------------------------
Reporter: PsychoGun | Owner: anonymous
Type: defect | Status: closed
Priority: high | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: |
-----------------------+----------------------------------------------------
Comment (by PsychoGun):
You are stupid.
This report is not invalid and you should test my proof of concept before
editing it. This vulnerability does work, and the only data which are really
required are the "comment" and the "comment_post_ID".
WordPress just does not care if the "_wp_unfiltered_html_comment" is not
sent; it does post the comment.
You should try my POC. I did it in all versions, and it works.
--
Ticket URL: <http://trac.wordpress.org/ticket/4344#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software