
Full Disclosure mailing list archives
Re: Code Execution vulnerability в WordPress
From: Milan Berger <m.berger () project-mindstorm net>
Date: Sat, 30 Apr 2011 12:28:58 +0200

Agreed, I run WP and, unless the admin is malignant towards your server, this is nothing but simple template editing which can be done.. normally, as admin with perms.. ofc, if you have a bad apple in the bunch, it will eventually show up in some way.. this is just a level of trust given to WP-Admins, which Could or could-NOT be compromised, depends on your admins... I know on my site, that's not a possible scenario to attack this and exploit, simply don't have admins :>

and just run a clean installation/configuration of php, so code execution is not possible... This "advisory" is pure bullshit!

--
Kind Regards
Milan Berger
Project-Mindstorm Technical Engineer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:
- Code Execution vulnerability в WordPress MustLive (Apr 29)
- Re: [Full-disclosure] Code Execution vulnerability в WordPress Christian Sciberras (Apr 29)
- Re: [Full-disclosure] Code Execution vulnerability в WordPress -= Glowing Doom =- (Apr 29)
- Re: Code Execution vulnerability в WordPress Milan Berger (Apr 30)
- Re: [Full-disclosure] Code Execution vulnerability в WordPress -= Glowing Doom =- (Apr 29)
- Re: [Full-disclosure] Code Execution vulnerability в WordPress Christian Sciberras (Apr 29)