| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 03 Oct 2003 10:40:17 +0200 From: Michael Renzmann <security@...anic.de> To: Seth Woolley <seth@...tology.org> Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: Cafelog WordPress / b2 SQL injection vulnerabilities discovered and fixed in CVS Hi. Seth Woolley wrote: > Disclaimer: > I (Seth) am not a php expert, and I don't run this code, so I haven't > tested the vendor-provided patch yet, although I assume the vendor has. > Be advised. I tested the patch against the current release version of wordpress (v0.71). Although I couldn't notice any harm with the provided example for the blog I run with this wordpress version, I applied the patch and couldn't see any negative impact. Actually, chances are good that I don't make use of the part of Wordpress that would have been compromised by the provided exploit example. If anyone could provide another working (and non-destructive ;)) exploit I'd be willing to test it against both, the release version any "my" patched version, in order to verify that the provided patch works for 0.71. Or let me know which feature needs to be turned on in order to test the effect of the exploit (please be patient with me, I'm a Wordpress newbie ;)). Bye, Mike _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists