http://matasanochargen.disqus.com/enTue, 30 Jun 2009 09:29:51 -0000http://www.matasano.com/log/1019/funny/#comment-11932128<B><a href="http://www.odasohbeti.com/" title="Sohbet" target="_top" rel="nofollow">SOHBET</a></B><br><B><a href="http://www.odasohbeti.com/bursa.html" title="Sohbet" target="_top" rel="nofollow">BURSA SOHBET</a></B><br><B><a href="http://www.odasohbeti.com/istanbul.html" title="Sohbet" target="_top" rel="nofollow">ISTANBUL CHAT</a></B><br><B><a href="http://www.odasohbeti.com/islamidini.html" title="islami dini" target="_top" rel="nofollow">ISLAMI CHAT</a></B><br><B><a href="http://www.odasohbeti.com/izmir.html" title="izmir Sohbet" target="_top" rel="nofollow">IZMIR CHAT</a></B><br><B><a href="http://www.odasohbeti.com/ankara.html" title="Ankara Sohbet" target="_top" rel="nofollow">ANKARA ARKADAS</a></B><br><B><a href="http://www.odasohbeti.com/almanya.html" title="Almanya Sohbet" target="_top" rel="nofollow">ALMANYA CHAT</a></B><br><B><a href="http://www.odasohbeti.com/turkiye.html" title="TURKEY" target="_top" rel="nofollow">TURKEY CHAT</a></B><br><B><a href="http://www.odasohbeti.com/mynet.html" title="Mynet" target="_top" rel="nofollow">MYNET</a></B><br><B><a href="http://www.odasohbeti.com/siteneekle.html" title="Sitene Ekle" target="_top" rel="nofollow">SITENE EKLE</a></B><br><B><a href="http://www.odasohbeti.com/ensonyerlivideomuzikleriklipleridinleizle.html" title="video" target="_top" rel="nofollow">VIDEO KLIP IZLE</a></B>chatsohbetTue, 30 Jun 2009 09:29:51 -0000http://www.matasano.com/log/1019/funny/#comment-2323603Haha, thanks for that, very entertaining. It's disappointing that no-one's fixed this rather weak looking bit of coding (e.g. the entirety of wordpress) yet!SEO RanterFri, 11 Apr 2008 05:08:10 -0000http://www.matasano.com/log/1019/funny/#comment-2323596Interesting. There are some good ideass presented here. I need to do spend some time reading more about these topics.Doug SteeleSun, 17 Feb 2008 22:01:50 -0000http://www.matasano.com/log/1019/funny/#comment-2323602ndg: Thank you for the clarification.Mike TracyWed, 23 Jan 2008 18:43:12 -0000http://www.matasano.com/log/1019/funny/#comment-2323601"Apparently, we’re using the is_admin() call to figure out if a user is administrator after all?"<br><br>No, it's because pending/draft posts are only displayed in the administration interface (on the "manage posts" page, etc).<br><br>The issue here is that WordPress classifies posts along two axes, published-unpublished and public-private. The exploit reveals (unpublished &amp; public) data only; posts marked as "private" stay private, even though an administrator would be able to see them.ndgWed, 23 Jan 2008 18:21:16 -0000http://www.matasano.com/log/1019/funny/#comment-2323600And why does my blog post all of a sudden become about Tom?Mike TracyWed, 23 Jan 2008 17:29:56 -0000http://www.matasano.com/log/1019/funny/#comment-2323599What does that comment even mean?Thomas PtacekWed, 23 Jan 2008 17:29:21 -0000http://www.matasano.com/log/1019/funny/#comment-2323595Oh no, you're picking up the Thomas style of oblique asides. Trying to sort info from cuteness and failing...NateWed, 23 Jan 2008 17:12:12 -0000http://www.matasano.com/log/1019/funny/#comment-2323598I'm not sure about "wrong". All that statement was intended to do was point out that the way the bug was exploited in the snippet at <a href="http://blackhatdomainer.com" rel="nofollow">blackhatdomainer.com</a> requires the use of REQUEST_URI. It was not intended to suggest a fix or in any other way condone the coding practices of the WordPress crew.<br><br>I probably should have been more clear in the idea I was expressing but I was too busy snorting a perfectly good bottle of wine out of my nose.Mike TracyWed, 23 Jan 2008 14:00:57 -0000http://www.matasano.com/log/1019/funny/#comment-2323597"In PHP, the difference between _SERVER[‘PHP_SELF’] and _SERVER[‘REQUEST_URI’] is that the latter also gives you the parameters that were passed to a GET request."<br><br>Perhaps by now you already know your'e wrong. PHP_SELF is as much vulnerable as REQUEST_URI.<br><br>Peace. Lets see what gobless saz :]HugoWed, 23 Jan 2008 13:41:40 -0000