http://matasanochargen.disqus.com/enTue, 30 Jun 2009 09:29:51 -0000http://www.matasano.com/log/1019/funny/#comment-11932128<p><b><a href="http://www.odasohbeti.com/" rel="nofollow noopener" target="_blank" title="Sohbet">SOHBET</a></b><br><b><a href="http://www.odasohbeti.com/bursa.html" rel="nofollow noopener" target="_blank" title="Sohbet">BURSA SOHBET</a></b><br><b><a href="http://www.odasohbeti.com/istanbul.html" rel="nofollow noopener" target="_blank" title="Sohbet">ISTANBUL CHAT</a></b><br><b><a href="http://www.odasohbeti.com/islamidini.html" rel="nofollow noopener" target="_blank" title="islami dini">ISLAMI CHAT</a></b><br><b><a href="http://www.odasohbeti.com/izmir.html" rel="nofollow noopener" target="_blank" title="izmir Sohbet">IZMIR CHAT</a></b><br><b><a href="http://www.odasohbeti.com/ankara.html" rel="nofollow noopener" target="_blank" title="Ankara Sohbet">ANKARA ARKADAS</a></b><br><b><a href="http://www.odasohbeti.com/almanya.html" rel="nofollow noopener" target="_blank" title="Almanya Sohbet">ALMANYA CHAT</a></b><br><b><a href="http://www.odasohbeti.com/turkiye.html" rel="nofollow noopener" target="_blank" title="TURKEY">TURKEY CHAT</a></b><br><b><a href="http://www.odasohbeti.com/mynet.html" rel="nofollow noopener" target="_blank" title="Mynet">MYNET</a></b><br><b><a href="http://www.odasohbeti.com/siteneekle.html" rel="nofollow noopener" target="_blank" title="Sitene Ekle">SITENE EKLE</a></b><br><b><a href="http://www.odasohbeti.com/ensonyerlivideomuzikleriklipleridinleizle.html" rel="nofollow noopener" target="_blank" title="video">VIDEO KLIP IZLE</a></b></p>sohbetTue, 30 Jun 2009 09:29:51 -0000http://www.matasano.com/log/1019/funny/#comment-2323603<p>Haha, thanks for that, very entertaining. It's disappointing that no-one's fixed this rather weak looking bit of coding (e.g. the entirety of wordpress) yet!</p>SEO RanterFri, 11 Apr 2008 05:08:10 -0000http://www.matasano.com/log/1019/funny/#comment-2323596<p>Interesting. There are some good ideass presented here. I need to do spend some time reading more about these topics.</p>Doug SteeleSun, 17 Feb 2008 22:01:50 -0000http://www.matasano.com/log/1019/funny/#comment-2323602<p>ndg: Thank you for the clarification.</p>Mike TracyWed, 23 Jan 2008 18:43:12 -0000http://www.matasano.com/log/1019/funny/#comment-2323601<p>"Apparently, we’re using the is_admin() call to figure out if a user is administrator after all?"</p><p>No, it's because pending/draft posts are only displayed in the administration interface (on the "manage posts" page, etc).</p><p>The issue here is that WordPress classifies posts along two axes, published-unpublished and public-private. The exploit reveals (unpublished &amp; public) data only; posts marked as "private" stay private, even though an administrator would be able to see them.</p>ndgWed, 23 Jan 2008 18:21:16 -0000http://www.matasano.com/log/1019/funny/#comment-2323600<p>And why does my blog post all of a sudden become about Tom?</p>Mike TracyWed, 23 Jan 2008 17:29:56 -0000http://www.matasano.com/log/1019/funny/#comment-2323599<p>What does that comment even mean?</p>Thomas PtacekWed, 23 Jan 2008 17:29:21 -0000http://www.matasano.com/log/1019/funny/#comment-2323595<p>Oh no, you're picking up the Thomas style of oblique asides. Trying to sort info from cuteness and failing...</p>NateWed, 23 Jan 2008 17:12:12 -0000http://www.matasano.com/log/1019/funny/#comment-2323598<p>I'm not sure about "wrong". All that statement was intended to do was point out that the way the bug was exploited in the snippet at <a href="http://blackhatdomainer.com" rel="nofollow noopener" target="_blank" title="blackhatdomainer.com">blackhatdomainer.com</a> requires the use of REQUEST_URI. It was not intended to suggest a fix or in any other way condone the coding practices of the WordPress crew.</p><p>I probably should have been more clear in the idea I was expressing but I was too busy snorting a perfectly good bottle of wine out of my nose.</p>Mike TracyWed, 23 Jan 2008 14:00:57 -0000http://www.matasano.com/log/1019/funny/#comment-2323597<p>"In PHP, the difference between _SERVER[‘PHP_SELF’] and _SERVER[‘REQUEST_URI’] is that the latter also gives you the parameters that were passed to a GET request."</p><p>Perhaps by now you already know your'e wrong. PHP_SELF is as much vulnerable as REQUEST_URI.</p><p>Peace. Lets see what gobless saz :]</p>HugoWed, 23 Jan 2008 13:41:40 -0000