Full Disclosure mailing list archives
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress
From: Henri Salo <henri () nerv fi>
Date: Thu, 26 Jan 2012 15:21:04 +0200
On Wed, Jan 25, 2012 at 04:13:12PM +0000, Benji wrote:
Yes it does. wp-admin/setup-config.php?step=1 on any wp install where it exists gives this: The file 'wp-config.php' already exists one level above your WordPress installation. If you need to reset any of the configuration items in this file, please delete it first.
Yes this is correct information at least with new versions of WordPress. We are running pretty big Linux-server in our organization and I can tell you that open "install me" -pages are very common and I see these as problem. I can try to find out what went wrong with the installation or did they remove the WordPress-installation and didn't understand to remove everything included. I really hope to see this patched anyways just to be sure. I don't know what the actual impact in user-experience can be. Could WordPress comment? - Henri Salo _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- TWSL2012-002: Multiple Vulnerabilities in WordPress Trustwave Advisories (Jan 24)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 24)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Trustwave Advisories (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Tim Brown (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Benji (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Julius Kivimäki (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Benji (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 26)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Trustwave Advisories (Jan 25)
- Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 24)