Philipp A. Baer

2005-08-09: Wordpress Exploit no comments

Wordpress < = 1.5.1.3 is vulnerable to a server-side XSS attack. It requires register\_globals
to be turned on. If you can’t disable registration of global variables you might want to enable safe\_mode or disable some of the unsafe functions by adding

disable_functions = exec, system, passthru

to your php.ini.

Found on fh’s blog

This entry was posted on Tuesday, 09 August 2005 at 21:09 and is filed under Binary World, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2005-08-09: Wordpress Exploit no comments

Leave a Reply