Re: Wordpress - Broken Access Control

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Wordpress - Broken Access Control
From: otto@xxxxxxxxxxxxxxxx
Date: 16 Dec 2007 10:07:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

The is_admin() function is not supposed to tell whether a user is an 
administrator or not, it tells whether the user is looking at one of the 
administration pages. As such, this function does exactly what it is supposed 
to do.

As for the rest, there is no flaw. To view a draft, the user must authenticate 
and have the correct capability set. There is no way to view drafts without 
being logged in and having that capability set on the user's role level.

This "vulnerability" is non-existent.

Follow-Ups:
- Re: Wordpress - Broken Access Control
  - From: Abel Cheung

Prev by Date: release uhooker v1.3
Next by Date: Heap overflow in PeerCast 0.1217
Previous by thread: Wordpress - Broken Access Control
Next by thread: Re: Wordpress - Broken Access Control
Index(es):
- Date
- Thread