[wp-trac] [WordPress Trac] #11104: 2.8.5 Injection Exploit
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 16 15:41:47 UTC 2009
#11104: 2.8.5 Injection Exploit
--------------------------+-------------------------------------------------
Reporter: bradyk | Owner: ryan
Type: defect (bug) | Status: new
Priority: high | Milestone: Unassigned
Component: Security | Version: 2.8.5
Severity: blocker | Keywords: dev-feedback 2nd-opinion exploit, injection, hack, malware, porn
--------------------------+-------------------------------------------------
Comment(by ryan):
Replying to [comment:11 bradyk]:
> dd32: I don't know why there's such an aversion to my claims by the
Wordpress team. I've already explained, in detail, what happened, and
said that it uploaded a file to /wp-admin/upload.php without having the
permissions (or even a user account) to do so.
>
> What is so hard to understand about that?
The POST to upload.php was almost certainly made with proper permissions.
We're saying that is a red herring and that we need log files for what
happened before that. Your post, although detailed, is simply showing us
the aftermath.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11104#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list