[wp-trac] [WordPress Trac] #11104: 2.8.5 Injection Exploit
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 16 00:50:47 UTC 2009
#11104: 2.8.5 Injection Exploit
--------------------------+-------------------------------------------------
Reporter: bradyk | Owner: ryan
Type: defect (bug) | Status: new
Priority: high | Milestone: Unassigned
Component: Security | Version: 2.8.5
Severity: blocker | Keywords: dev-feedback 2nd-opinion exploit, injection, hack, malware, porn
--------------------------+-------------------------------------------------
Comment(by bradyk):
dd32: I don't know why there's such an aversion to my claims by the
Wordpress team. I've already explained, in detail, what happened, and
said that it uploaded a file to /wp-admin/upload.php without having the
permissions (or even a user account) to do so.
What is so hard to understand about that?
I've downloaded all the logs from the last 24 hours before they disappear,
but I'll have to go through them later... if it happened before that, I
can't "prove" anything to you, because (mt) only gives me 24-hour logs and
I'm not exactly sure when this happened.
--Kyle
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11104#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list