[VIM] [UNKNOWN] WordPress v2.1.3 >> remote file include~

Noam Rathaus noamr at beyondsecurity.com
Thu Apr 26 07:37:30 UTC 2007


Hi,

I am unable to confirm this, anyone?

Looks fake, and untrue, wp-settings.php doesn't use anything called 
require_once? weird

----------  Forwarded Message  ----------

Subject: WordPress v2.1.3 >> remote file include~
Date: Wednesday 25 April 2007 11:17
From: s433d_only_linux at yahoo.de
To: bugtraq at securityfocus.com

by : www.hackeraz.ir userz , saeid...
++++++++++++++++++++++++++++++++++++
####################################################
#WordPress >> 2.1.3         Remote File Inclusion  #
####################################################
Affected Software .: WordPress >> 2.1.3            #
Download..: http://wordpress-deutschland.org       #
Risk ..............: high                          #
Date .........: 25/4/2007                          #
Found by ..........: s433d_only_linux              #
Contact ...........: s433d_only_linux at yahoo.de     #
Web .............: Www.hackerz.ir                  #
special thanx ........... Ali Jasbi my beste friend#
####################################################
Affected File:                                     #
wordpress/wp-settings.php	                         #
wordpress/wp-includes/template-loader.php	         #
wordpress/wp-includes/theme.php	                   #
####################################################
Exploit:
wordpress/wp-settings.php?require_once=shell?
wordpress/wp-includes/template-loader.php?include=shell?
wordpress/wp-includes/theme.php?require_once=shell?
######################################################

-------------------------------------------------------

-- 
  Noam Rathaus
  CTO
  1616 Anderson Rd.
  McLean, VA 22102
  Tel: 703.286.7725 extension 105
  Fax: 888.667.7740
  noamr at beyondsecurity.com
  http://www.beyondsecurity.com


More information about the VIM mailing list