Full Disclosure mailing list archives
Re: WordPress Authenticated File Upload Authorisation Bypass
From: PsychoBilly <zpamh0l3 () gmail com>
Date: Thu, 21 Jun 2012 10:59:33 +0200
[[ Denis Andzakovic ]] @ [[ 21/06/2012 04:04 ]]--------------------------------------------------
Exploitation of this vulnerability requires a malicious user with access to the admin panel
Nicely played, sir, seems legit. What about a sec. advisory on http://wordpress.org/extend/plugins/wp-filemanager/ anyone?