Closed apokalyptik closed 15 years ago
See:
curl -v -v http://$HOSTNAME/wp-content/plugins/wordpress-console/query.php --data 'query=echo%201%2B1%3B'
Installing the plugin as-is is begging (pretty please) to be hacked.
Suggested fix: sign query with a shared secret, generated randomly (the random generation could be better, but it'll work for now)
Patch: http://blog.apokalyptik.com/files/wordpress-console-auth.diff
require shared secret to run query (patch by apokalyptik). Closed by 5a94d4338a39fe0847226e331dbc13091347ba3b
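A sketch of the kind of check the suggested fix describes, as an added example and not the code from the linked patch or from the plugin. It goes slightly beyond the issue text by drawing the secret from a CSPRNG and comparing signatures in constant time; the function names and sample values are hypothetical.

```php
<?php
// Added example: hypothetical helper names, not the plugin's or the patch's code.

// Generate the shared secret once (for example at plugin activation) from a CSPRNG.
function console_generate_secret(): string {
    return bin2hex(random_bytes(32)); // 256 bits, hex-encoded
}

// Client side: compute the signature that is sent alongside the query.
function console_sign_query(string $query, string $secret): string {
    return hash_hmac('sha256', $query, $secret);
}

// Server side: accept the query only if its signature matches.
function console_verify_query(?string $query, ?string $signature, string $secret): bool {
    if ($query === null || $signature === null || $secret === '') {
        return false; // missing parameter or unconfigured secret: reject
    }
    $expected = hash_hmac('sha256', $query, $secret);
    return hash_equals($expected, $signature); // constant-time comparison
}

// Constructed sample values to exercise the check.
$secret = console_generate_secret();
$query  = 'echo 1+1;';
$sig    = console_sign_query($query, $secret);

// Correctly signed request.
var_dump(console_verify_query($query, $sig, $secret));
// Unsigned request, the shape of the curl call in the report.
var_dump(console_verify_query($query, null, $secret));
// Signature that was issued for a different query.
var_dump(console_verify_query('echo 2+2;', $sig, $secret));
// Guessed signature of the right length.
var_dump(console_verify_query($query, str_repeat('0', 64), $secret));
```

In query.php a check like this would run before anything is evaluated, with a failed check answered by HTTP 403. A signature over the query alone can be replayed by anyone who captures a signed request, so it complements HTTPS and a logged-in administrator check and does not replace them.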