Re: [Full-disclosure] WordPress Authenticated File Upload Authorisation Bypass

[PsychoBilly <zpamh0l3@xxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[[   Denis Andzakovic   ]] @ [[   21/06/2012 04:04   
]]--------------------------------------------------
> Exploitation of this vulnerability requires a malicious user with access to 
> the admin panel

Nicely played, sir, seems legit.
Whatabout an sec.advisory on http://wordpress.org/extend/plugins/wp-filemanager/
anyone?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJP4uJ1AAoJEB2ZvwF45NtDyYcIAKpbK14CdVTnHNPG3UqqqfIN
PzFz+BSh9gx8XE2ShASfovrgvS3awDCQAAYd+Ma6F67z6pLMPURtjz8XVGrrbBFi
4+4bN/ka9cIN/jMdwH2dDikowsPD4wWS6Xjucis7ID2o6xpTPbVrhYUoUae6Z09r
iD6SOA4pHSkcb1UUR5Cw5qLdbM84RJo0Jfelfr+DXAToR+8t6+b0ufIPpI6PISfW
b3wqi7GomXNpfxTPo4C/6S5VNpTzq5HBMrRvzotcq8n8ZOno+29/+UVd/vvBtNN8
P5XzpNCjKt25cpoiNnvn1cH50gcyitKb1czPpcY4mTR7aRdYQZL3nH7bbQSGXek=
=VCxc
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/