WordPress Exploit

There’s yet another small major security bug for WordPress users: Florian Holzhauer explains on how to disable the bug which allows to execute an entire set of PHP or shell commands.

There is an exploit for Wordpress up and including to 1.5.1.3 out in the wild, which works on webservers with enabled register_globals.
The quick fix is to place
unset($wp_filter);
in index.php at the very top, right after declaring “php” before any other php statements.

There’s no guarantee and liability for the success or any possible errors caused by this mini-workaround, so the best idea is to use an upcoming WordPress version which corrects the bug.

[via Blogbar]

1 Kommentar zu “WordPress Exploit”


  1. 1 Basic Thinking Blog » WP Exploit: Register Globals On? Pingback am 9. Aug 2005 um 23:27
Kommentare sind derzeit deaktiviert.




Subscribe to Bloglines

© Copyright 1997-2007 by Mike Schnoor. All rights reserved. Telagon Sichelputzer is powered by WordPress: RSS Beiträge und RSS Kommentare
Über uns | Archiv | Kontakt | Plugins | Anmelden | Datenschutz | Impressum