Hi, [Sending it to the bug report to make sure the extra info is recorded]
On Saturday 29 November 2008, Andrea De Iacovo wrote:
> Hi.
>
> As you could have noticed wordpress-2.5.1-10 hit lenny carrying the
> workaround for #504771.
> Could you, please, downgrade the bug to important now?

I'm still not very much convinced because there are plenty of other attack vectors out there in the code; it is just a matter of grepping for _REQUEST in the source code and checking what they are used for.

For example: another look at the code revealed that wp_get_referer can be abused to redirect the admin to whatever site is specified in a cookie called '_wp_http_referer' under certain circumstances.
Also, setting a 'delete_comments' cookie will cause a minor DoS when trying to perform several actions on the comments (via edit-comments.php). That would be a nice play to prevent the admin from deleting spam comments for a while.

>
> Thank you very much for your cooperation.

Thank _you_.

>
> Cheers.
>
> Andrea

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
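
The grep-based review described in the message above, as an added example (not part of the original e-mail and not WordPress code): it lists every `$_REQUEST` read in PHP source so each key can be checked against cookie-supplied input, since PHP fills `$_REQUEST` from cookies as well as GET and POST when its request order includes them. The PHP sample and the function names are constructed for illustration; only the two literal key names come from the message.

```python
import re
from collections import defaultdict

# Constructed PHP sample (not WordPress source); the two literal key names are
# the cookie names mentioned in the message.
SAMPLE = """<?php
// constructed sample for the audit below
if ( isset( $_REQUEST['delete_comments'] ) ) {
    $ids = $_REQUEST['delete_comments'];
}
$ref = $_REQUEST['_wp_http_referer'];
// $_REQUEST['ignored'] is only mentioned in a comment
$v = $_REQUEST[$name];
$page = $_GET['paged'];
"""

# $_REQUEST['key'] or $_REQUEST["key"]; anything else in the brackets is dynamic.
REQ = re.compile(r"""\$_REQUEST\s*\[\s*(?:(['"])(?P<key>[^'"]+)\1|(?P<dyn>[^\]]+))\s*\]""")
# Heuristic: skip lines that are wholly a comment (trailing comments are not handled).
COMMENT = re.compile(r"^\s*(//|#|\*|/\*)")
GUARD = re.compile(r"(isset|empty)\s*\(\s*$")

def find_request_reads(name, source):
    """Return (file, line, key, kind) for each $_REQUEST read in PHP source text."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if COMMENT.match(line):
            continue
        for m in REQ.finditer(line):
            key = m.group("key") or "<dynamic>"
            # A read directly inside isset()/empty() only tests presence.
            kind = "presence-check" if GUARD.search(line[:m.start()]) else "value-use"
            hits.append((name, no, key, kind))
    return hits

def review_list(hits):
    """Group every read by key; a cookie can satisfy a presence check as well as supply a value."""
    by_key = defaultdict(list)
    for name, no, key, kind in hits:
        by_key[key].append(f"{name}:{no} ({kind})")
    return dict(by_key)

if __name__ == "__main__":
    for key, places in sorted(review_list(find_request_reads("sample.php", SAMPLE)).items()):
        print(f"{key:20} {', '.join(places)}")
```

Reads reported as `<dynamic>` use a computed key and have to be traced by hand.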