Wordpress Exploit

**nux** · 20 October, 2009, 15:50 PM

This is what my blog looks like:

$charset = $_POST['charset'];

if(strlen($charset) > 50)
die;

// These three are stripslashed here so that they can be properly escaped after

Originally Posted by Snak3

@nux
can you show where exactly in wp-trackback.php have we to paste the following code as mentioned by you in your blog post :

Code:

if(strlen($charset) > 50)
die;

I understand line 47 but to be precise
I mean, before what and after what piece of code should it come/appear.

**texashiker** · 20 October, 2009, 18:37 PM

Should we just remove the trackback.php file from the wordpress folder? Or rename it so its not usable until a full patch is released?

**nux** · 20 October, 2009, 19:10 PM

The code I showed you will fix the problem. I've tested it myself.

**Snak3** · 20 October, 2009, 19:39 PM

Originally Posted by nux

This is what my blog looks like:

$charset = $_POST['charset'];

if(strlen($charset) > 50)
die;

// These three are stripslashed here so that they can be properly escaped after

Thnx a bunch, done on my WP blog