Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: TWSL2012-002: Multiple Vulnerabilities in WordPress
From: Henri Salo <henri () nerv fi>
Date: Thu, 26 Jan 2012 15:21:04 +0200

On Wed, Jan 25, 2012 at 04:13:12PM +0000, Benji wrote:
Yes it does.

wp-admin/setup-config.php?step=1 on any wp install where it exists gives

The file 'wp-config.php' already exists one level above your WordPress
installation. If you need to reset any of the configuration items in this
file, please delete it first.

Yes this is correct information at least with new versions of WordPress. We are running pretty big Linux-server in our 
organization and I can tell you that open "install me" -pages are very common and I see these as problem.

I can try to find out what went wrong with the installation or did they remove the WordPress-installation and didn't 
understand to remove everything included. I really hope to see this patched anyways just to be sure. I don't know what 
the actual impact in user-experience can be. Could WordPress comment?

- Henri Salo

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]