What are you talking about? The entire time I asked questions cause I wasn't in a position to check myself.
The Wordpress quote was just a reference to the frequent vulnerabilities in plugins and themes. I didn't give a rat's ass if the site was secure or not, I was asking questions to confirm if it was a vuln or not.

On Dec 7, 2011 4:03 PM, "Christian Sciberras" <[email protected]> wrote:

> Gage, if you had the good sense of looking around before talking blindly,
> you'd have noticed these guys are using a 3rd party plugin called
> "ym_reg_form", probably from these other guys <http://www.yourmembers.co.uk/>.
>
> By that standard, Wordpress is as safe as Linux running sshd root:root,
> 24/7.
>
> On the other hand, this doesn't excuse these people from checking their
> own software.
> Paying for something that happened to be shit isn't an excuse either.
>
> Chris.
>
> 2011/12/8 Gage Bystrom <[email protected]>
>
>> Slightly hard to understand what you're saying but I think I get the
>> point. Reminds me of a quote from someone "No self respecting hacker would
>> use Wordpress". Can't remember where I read that.
>>
>> On Dec 7, 2011 3:41 PM, "xD 0x41" <[email protected]> wrote:
>>
>>> ah k, i have not really looked at it but ye, xss has never ranked too
>>> highly with me... but, i guess if it were to be defaced, then people
>>> would probably call it *hacked* lol... i guess people don't get it yet,
>>> no one uses their web box, as their actual, 'safe' box...not anyone i
>>> know.....
>>> anyhow ye.. i don't know much in the area, but, I'd hate to be pwnd thru
>>> a login.php :s
>>>
>>> 2011/12/8 Gage Bystrom <[email protected]>:
>>> > Not really. If it isn't exploitable in any sense of the word it's not a
>>> > vulnerability. It's akin to opening up firebug, writing the generic xss PoC
>>> > and calling the site vulnerable :P I'd love to bash on these guys as much as
>>> > you want to, but let it be a real vulnerability. If it is one, then kudos.
>>> >
>>> > On Dec 7, 2011 3:16 PM, "Tomy" <[email protected]> wrote:
>>> >>
>>> >> it does not matter, it's about the fact that someone who publishes such a
>>> >> newspaper should know his stuff..
>>> >>
>>> >> Tomy
>>> >>
>>> >> Message written by Gage Bystrom on 8 Dec 2011, at 00:04:
>>> >>
>>> >> Nice, but is it stored? Or at least reflective?
>>> >>
>>> >> On Dec 7, 2011 2:59 PM, "Tomy" <[email protected]> wrote:
>>> >>>
>>> >>> still vulnerable:
>>> >>>
>>> >>> sample:
>>> >>> http://pentestmag.com:80/wp-login.php?action=register (XSS)
>>> >>>
>>> >>> e-mail:
>>> >>> [email protected]</sCrIpT><sCrIpT>alert(87118)</sCrIpT>
>>> >>>
>>> >>> LOL
>>> >>>
>>> >>> Message written by xD 0x41 on 7 Dec 2011, at 23:30:
>>> >>>
>>> >>> Tomy
>>> >>> [email protected]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
