0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

simply awful

i currently have the worst bio i’ve ever seen. must fix that.

fyi, wordpress has issues:
http://seclists.org/fulldisclosure/2009/Jul/0057.html (thank you, core)

A vulnerability was found in the way that WordPress handles some URL
requests. This results in unprivileged users viewing the content of
plugins configuration pages, and also in some plugins modifying plugin
options and injecting JavaScript code. Arbitrary native code may be run
by a malicious attacker if the blog administrator runs injected
JavaScript code that edits blog PHP code. Many WordPress-powered blogs,
hosted outside ‘wordpress.com’, allow any person to create unprivileged
users called subscribers. Other sensitive username information
disclosures were found in WordPress.

Written by jcran

July 10, 2009 at 4:24 AM

Posted in Uncategorized
