| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Path Disclosure - Wordpress 2.1.2 |
| From: | lj@subjectzero.net |
| Date: | 25 Mar 2007 03:50:56 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Product : Wordpress 2.1.2 Vulnerability Details : All the sites running on the latest version of wordpress 2.1.2 are exposed to a full path disclosure vulnerability. Proof of Concept: http://www.anysite.com/Path_to_wordpress/wp-includes/vars.php Error Returned: Fatal error: Call to undefined function get_option() in /home/santoshp/public_html/wp-includes/vars.php on line 92 Location: www.indiaesecure.com/exploits.htm/wp212.txt |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | CcCounter 2.0 cross-site scripting vulnerability, localexploit |
|---|---|
| Next by Date: | Horde Webmail Multiple HTML Injection vulnerability, DoZ |
| Previous by Thread: | CcCounter 2.0 cross-site scripting vulnerability, localexploit |
| Next by Thread: | Re: Path Disclosure - Wordpress 2.1.2, jm |
| Indexes: | [Date] [Thread] [Top] [All Lists] |