3.5.1 DoS #219
Comments
|
Tested, it works. BTW, the important thing is this: the vulnerability is possible only when there is at least one password-protected post on the blog. Code modified:
hostname = '192.168.1.103'
wplogin = '/wordpress-3.5.1/wp-login.php'
posturl = '/wordpress-3.5.1/?p=35' # link to password protected post |
|
Cool stuff! |
|
Please use CVE-2013-2173 for this issue. |
|
Re-opened to see which older versions are also vulnerable, see #222 |
|
In the patched version ( Without testing each version individually I think this is enough 'proof' that the above versions are vulnerable? |
|
Apparently the vulnerability was introduced by the |
|
OK. Last update. Vulnerable library was included in version 2.5 but wasn't used until version 3.4. |
|
Take that back. Was used since 2.5 in |
|
Spammer :o |
|
hehe, you love it! ;) Final conclusion: Library was introduced in version 2.5 and was used in pluggable.php, wasn't used in post-template.php until version 3.4. |
Not tested yet - https://vndh.net/note:wordpress-351-denial-service
Will add to DB once reproduced.