Steven J. Murdoch schrieb: > Wordpress Cookie Authentication Vulnerability > > Original release date: 2007-11-19 > ... > Source: Steven J. Murdoch <http://www.cl.cam.ac.uk/users/sjm217/> > Could you elaborate why you consider this news? Most public SQL injection exploits for Wordpress use this cookie trick.
A simple search on milw0rm will reveal that even a Gulftech Wordpress SQL injection exploits from 2005 uses this method to login as admin once it has discovered the hash. Yours, Stefan Esser _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
