Funny but no, this does not need a non-installed wordpress. 2012/1/25 Benji <m...@b3nji.com>
> Dear full-disclosure > > I wrote to you to tell you about serious serious vulnerability in all > Windows versions. > > If you turn machine on before system is configured, then you be able to > set user password yourself, big gaping hole!!!! > > I make big large botnet to fully utilise this impressive vulnerability! > thegrugq said i could sell this for liike 3 ferrari's and 1 russian wife, i > say nay though! Big time russian mobster offer me diamond, i say nay! I > like report vuln of this size responsibility in so hope to make more > money^H^H^H^H^H^H^Hsecure world. > > Please full-disclosure, this vuln is serious and i plead you shut down all > windows now. > > I wrote metasploit module! It find new installs turned off machine, WOL > and i go to house and enter password! FULL SYSTEM OWNED! Big botnets! Many > wifes! > > > > > On Wed, Jan 25, 2012 at 2:49 PM, Tim Brown <t...@65535.com> wrote: > >> On Wednesday 25 Jan 2012 15:22:39 Henri Salo wrote: >> >> > There is A LOT of these open installation pages in the Internet. It is >> not >> > uncommon to leave those open by accident. Some people also do this, >> > because they just don't understand the risks. I am wondering if >> WordPress >> > would apply patch if we create one as a collaborative effort. I would be >> > more than happy to help creating a patch for this if this is the case. >> >> I may have missed something, but does simply having the file exposed make >> you >> vulnerable. From looking at it, it starts of with a bunch of >> file_exists(), >> which essentially evaluate if you've installed or not and wp_die() if you >> have. >> >> Tim >> -- >> Tim Brown >> <mailto:t...@65535.com> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
