Deepan,

Please see my most recent post:
http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/

David

On 30/12/06, Deepan <[EMAIL PROTECTED]> wrote:
> On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote:
> > Vulnerability Title: WordPress Persistent XSS
> > Author: David Kierznowski
> > Homepage: http://michaeldaw.org
> > Software Vendor: WordPress Persistent XSS
> > Versions affected: Confirmed in v2.0.5 (latest)
> >
> > See homepage for more details.
> >
> > WordPress was contacted: 26/12/06 22:04 BST
> > Reply received: 27/12/06 06:11 BST
> > WordPress has fixed this for v2.0.6, see
> > http://trac.wordpress.org/changeset/4665
> >
> Don't you need admin privileges to access the templates.php url?
> I am overseeing anything?
>
> --
> -----------------------------------------------
> Regards
> Deepan Chakravarthy N
> http://www.codeshepherd.com/
> http://sudoku-solver.net/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/