[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wordpress File Inclusion

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Wordpress File Inclusion
From: emc3@xxxxxxxxxxxxxxxxxxxx
Date: 13 Nov 2006 18:24:58 -0000

That word you keep using? I don't think it means what you think it means.

IOW, You can't inject a value into the $file parameter to load_template() like 
this. And I'm pretty sure that you can't do it all, unless you've installed a 
third-party plugin or theme that's doing something really weird with wp_query.

Prev by Date: Re: feedsplitter considered harmful
Next by Date: NuRems 1.0 Remote XSS/SQL Injection Exploit
Previous by thread: Re: Wordpress File Inclusion
Next by thread: [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue
Index(es):
- Date
- Thread