• Resolved jamesbond

    (@jamesbond)


    Anyone know how to contact the developers? I have submitted to the security@wordpress.org a few days ago and received no reply. This is a high risk vulnerability that can ultimately lead to remote code execution, so it is very important that I speak to them as soon as possible.

    Thanks,

    James

Viewing 14 replies - 1 through 14 (of 14 total)
  • Email me with the info and I will pass it on immediately
    t2 @ tamba2 . org . uk

    Thanks !

    Thread Starter jamesbond

    (@jamesbond)

    Nice try, how about please having the developers check their security@wordpress email or emailing me at the email I have on file here.

    okay….. I tried.

    What file ?
    I looked at your profile.

    I’m here: http://wordpress.org/about/

    You can trust podz. He’s the cuddly “support maven”.

    Can’t trust the rest of us, though.

    Thread Starter jamesbond

    (@jamesbond)

    Sorry about that, but you can never be too careful 🙂 Anyway, the developers can reach me at security a|t gulftech d|o|t org however I have already emailed them, so they can simply check their email.

    Again, this is about as high risk of a vulnerability as you can get when it comes to php applications, so the sooner a fix is released the better 🙂

    Kind Regards,

    James

    I have flagged up what I can.

    Thread Starter jamesbond

    (@jamesbond)

    I have sent additional info to t2 @ tamba2 . org . uk

    Thanks again for your help 🙂

    Not knowing the contents of the email you sent, it is hard for any of us to say whether or not your original email was appropriate.

    For instance, if you said only the same things as you posted here, you’re likely not going to get much traction: specific description of the vulnerability is necessary in order for the security team to evaluate the threat.

    If you submitted a descriptive explanation of the threat, then I’m confident that internal discussion is taking place. Security vulnerabilities need to be evaluated and responded to carefully, lest the “fix” introduce even worse problems.

    Thread Starter jamesbond

    (@jamesbond)

    It was very detailed. I have been doing this for a while 🙂

    http://www.gulftech.org

    The vulnerability is sql injection, but using that sql injection you can elevate your status and execute php code, and from there gain a remote shell. No other details will be given out until at least a good week after wordpress releases a patch (give people time to upgrade). I was able to contact a member of the wordpress team (podz) so this thread is pointless now. Please delete it or leave it if you think giving everyone a headz up will make the upgrade be taken more seriously.

    Regards,

    James

    I was not implying anything about your capability as a security researcher. I looked at your site before I wrote my comment.

    Many people, as I’m sure you know, often say “There’s a security vulnerability!” and a lot of people get scared, potentially damaging the reputation of the product in question. I try very hard to keep a level head when reports of security vulnerabilities arise because, as I said, they need to be evaluated carefully. Any fix that is released really needs to fix the problem, without introducing new ones.

    WordPress 1.5.1.1 suffered from one SQL injection vulnerability, and it was fixed in 1.5.1.2. If another vulnerability does exist, the appropriate steps will be taken in due course.

    Thread Starter jamesbond

    (@jamesbond)

    I understand. There are a lot of guys out there who do not know what they are doing and just want their recognition, and don’t care how the vulnerability works or how to fix it.

    We’re looking at it now. Matt and I always seem to be on the road when these things come up. It’s a talent we have. 🙂

    Thanks for the very detailed and informative report.

    Thread Starter jamesbond

    (@jamesbond)

    No problem. If there is anything else I can do to help or if you have any questions please let me know 🙂

    James

  • The topic ‘Security problems With WordPress 1.5.1.2 (Wish to contact developers)’ is closed to new replies.