Full Disclosure mailing list archives

Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

From: g30rg3_x <g30rg3x () gmail com>
Date: Thu, 12 Nov 2009 09:42:21 -0600

The same thing was discussed on WP-Hackers list[1] and it was found
that the problem was introduced by Option +Multiviews[2]...
And also someone point that Option +Multiviews is enabled by default
on cpanel/whm[3] based servers therefore lots of cheap (and not so
cheap) shared hosting providers introduce this behavior that could
potentially be harmful not just to wordpress but any software that
handles uploads and respect the uploaded file extensions.

Regards

[1] http://lists.automattic.com/pipermail/wp-hackers/2009-November/thread.html#28450
[2] http://lists.automattic.com/pipermail/wp-hackers/2009-November/028466.html
[3] http://lists.automattic.com/pipermail/wp-hackers/2009-November/028482.html

_________________________
             g30rg3_x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Dawid Golunski (Nov 12)
- Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Milan Berger (Nov 12)
  - Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Martin Aberastegue (Nov 12)
    - Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Martin Aberastegue (Nov 12)
    - Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution g30rg3_x (Nov 12)
  - Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Vincent Guasconi (Nov 12)
  - Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution Moritz Naumann (Nov 12)
    - Re: WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution YK (Nov 14)