Full Disclosure mailing list archives

Re: WordPress Authenticated File Upload Authorisation Bypass


From: valdis.kletnieks () vt edu
Date: Thu, 21 Jun 2012 11:34:28 -0400

On Thu, 21 Jun 2012 08:02:26 -0700, Gage Bystrom said:
> To me it seems like he's trying to say that someone with administrative
> access has the ability to....have administrative access. It's like
> saying "Hey guys! I found a local exploit and all it requires is to be
> a root user!!!"
>
> I'm not sure if he's trolling or just stupid.

There are many things that, while technically not "vulnerabilities", are still
pretty interesting to remember, in case you find a way to trick that admin user
into doing it for you.  This has been true ever since Unix boxes got pwned by
getting the root user to look at your odd core dump - after putting something
interesting in .dbxrc in the directory....


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
