Comments on: More 0day wordpress security leaks in firestats!

By: eat thai

eat thai — Mon, 04 Oct 2010 15:27:52 +0000

Please. can you PM me and tell me company of much more thinks hither this. I am truly fan of inseparable' s webpage...gets solved properly asap.

By: tava tea

tava tea — Wed, 25 Aug 2010 07:45:45 +0000

I love what you men are usually up too. This kind of clever work and reporting! Keep up the great functions guys I' ve added you men to my blogroll, Cheers.

By: Jelmer de Hen

Jelmer de Hen — Sat, 17 Jul 2010 16:08:54 +0000

Yea you may quote our blog, my personal twitter is http://twitter.com/JelmerDeHen and for the entire blog where you automatically get updates as we update the site is http://twitter.com/HackAck. Feel free to follow us .

By: cryptsol

cryptsol — Fri, 16 Jul 2010 11:18:54 +0000

it was very interesting to read.
I want to quote your post in my blog. It can?
And you et an account on Twitter?

By: Omry Yadan

Omry Yadan — Mon, 12 Jul 2010 20:14:14 +0000

I am sure you can figure it out, if not - look at the comment in the new version of the file

By: Jelmer de Hen

Jelmer de Hen — Sat, 10 Jul 2010 18:49:38 +0000

You are right; I looked at the code but I could not find anything worthy.
Why would you have this function in Firestats, it's pretty pointless I think.

By: Omry Yadan

Omry Yadan — Sat, 10 Jul 2010 15:41:15 +0000

The most significant thing is of course the configuration file download, however it's totally false.

see if you can get my config file from here:

http://admin.firestats.cc/firestats/php/tools/get_config.php

this php script is designed to generate a config file on demand, not to give the current one.
for instance, here is the config file of Bill Gates:
http://admin.firestats.cc/firestats/php/tools/get_config.php?user=Bill%20Gates&pass=secret!

By: Sid3^effects

Sid3^effects — Sat, 10 Jul 2010 03:03:15 +0000

nice find ..hope they fix it soon