http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html
See the bottom box and exploit code A ----- Original Message ----- From: chris burgess To: [email protected] Sent: Tuesday, March 10, 2009 2:28 PM Subject: [phpug] Re: Wordpress: Security Fail? I see that eval() is in wp-includes/rewrite.php in WP2.7.1, but I wonder what version of WP were you running? Can you tell us more about the attack signature? Yes, WP is a very high-maintenance piece of software, and I agree with Keri on their core code. Unfortunately, they've really hit a sweet spot for "easy to use CMS", so they'll be popular for a while despite that. --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
