lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <63cec5530609070830l3d2c0342o428ec14be4370f06@mail.gmail.com>
Date: Thu, 7 Sep 2006 11:30:45 -0400
From: "Paul Robertson" <compuwar@...il.com>
To: "vannovax@...il.com" <vannovax@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Sql Injection and Path Disclosoure Wordpress v2.0.5

On 6 Sep 2006 17:26:18 -0000, vannovax@...il.com <vannovax@...il.com> wrote:
> Version Afected: v2.0.5 - v2.0.2
>
>
> For Version v2.0.2
>
>
> index.php?paged=-25633&header.php?=-id

Isn't this the exact same bug reported on Bugtraq in early July by
zero in 2.0.3?

>
>
> For Version v2.0.5
>
> index.php?paged=/archive/-1-5-2-Create%20Table
>

The Wordpress folks tell me there isn't a version 2.0.5, 2.0.4 is the
latest release and the subversion code isn't numbered that way.  Is it
possible the OP got the version string wrong?

Thanks,

Paul
-- 
fora.compuwar.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ