Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Wordpress File Inclusion
Nov 11 2006 02:18AM
vannovax gmail com
(1 replies)
Re: Wordpress File Inclusion
Nov 13 2006 06:09PM
Expanders (expanders inorbit com)
------------- wp-include/functions.php line:2166 ------------------
function load_template($file) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect,
$wp_query,
$wp_rewrite, $wpdb;
extract($wp_query->query_vars);
require_once($file);
}
-----------------------------------------------------------------
you cannot control a variable directly into a function. so this is not a
vulnerability
Cheers
Expanders
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
function load_template($file) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect,
$wp_query,
$wp_rewrite, $wpdb;
extract($wp_query->query_vars);
require_once($file);
}
-----------------------------------------------------------------
you cannot control a variable directly into a function. so this is not a
vulnerability
Cheers
Expanders
[ reply ]