Full Disclosure mailing list archives

Re: WordPress Authenticated File Upload Authorisation Bypass

From: Carlos Alberto Lopez Perez <clopez () igalia com>
Date: Fri, 22 Jun 2012 02:25:18 +0200

On 22/06/12 01:14, Benji wrote:

I hear Trustwave are reporting similar issues, like the fact you can
specify remote mysql servers in new installations, amazing right? Do
you work for them?

Btw, with phpmyadmin you can injection sql commands !!!!!!!


:D that was so funny


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carlos Alberto Lopez Perez                           http://neutrino.es
Igalia - Free Software Engineering                http://www.igalia.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WordPress Authenticated File Upload Authorisation Bypass Denis Andzakovic (Jun 21)
- Re: WordPress Authenticated File Upload Authorisation Bypass PsychoBilly (Jun 21)
- Re: WordPress Authenticated File Upload Authorisation Bypass Greg Knaddison (Jun 21)
  - Re: WordPress Authenticated File Upload Authorisation Bypass Gage Bystrom (Jun 21)
    - Re: WordPress Authenticated File Upload Authorisation Bypass valdis . kletnieks (Jun 21)
    - Re: WordPress Authenticated File Upload Authorisation Bypass Hector Marco (Jun 21)
  - Re: WordPress Authenticated File Upload Authorisation Bypass Denis Andzakovic (Jun 21)
    - Re: WordPress Authenticated File Upload Authorisation Bypass Benji (Jun 21)
    - Re: WordPress Authenticated File Upload Authorisation Bypass Carlos Alberto Lopez Perez (Jun 21)