BugTraq
Back to list
|
Post reply
Wordpress File Inclusion
Nov 11 2006 02:18AM
vannovax gmail com
(1 replies)
Re: Wordpress File Inclusion
Nov 13 2006 06:09PM
Expanders (expanders inorbit com)
------------- wp-include/functions.php line:2166 ------------------
function load_template($file) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect,
$wp_query,
$wp_rewrite, $wpdb;
extract($wp_query->query_vars);
require_once($file);
}
-----------------------------------------------------------------
you cannot control a variable directly into a function. so this is not a
vulnerability
Cheers
Expanders
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
function load_template($file) {
global $posts, $post, $wp_did_header, $wp_did_template_redirect,
$wp_query,
$wp_rewrite, $wpdb;
extract($wp_query->query_vars);
require_once($file);
}
-----------------------------------------------------------------
you cannot control a variable directly into a function. so this is not a
vulnerability
Cheers
Expanders
[ reply ]