[wp-trac] Re: [WordPress Trac] #4627: Link manager exploit?
WordPress Trac
wp-trac at lists.automattic.com
Wed Oct 24 08:03:31 GMT 2007
#4627: Link manager exploit?
----------------------+-----------------------------------------------------
Reporter: cbdilger | Owner: pishmishy
Type: defect | Status: reopened
Priority: high | Milestone: 2.0.12
Component: Security | Version: 2.2
Severity: normal | Resolution:
Keywords: |
----------------------+-----------------------------------------------------
Comment (by westi):
Replying to [comment:21 ryan]:
> hmmm, add_link()/edit_link() already did a cap check, so I think our
patch didn't really change anything.
Agreed.
I noticed those first when I went to look at branches/2.0
From what I can tell from reading through both the ajax and non-ajax
routes you need a user with manage_links to achieve adding a link.
This is beginning to feel like someone has either stolen then cookies from
a high level user _or_ found a way to create a high level user - I can't
see any vector for that from the code reviewing I have done.
--
Ticket URL: <http://trac.wordpress.org/ticket/4627#comment:22>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list