"A remote attacker, with read access to the password database can gain administrator rights."<br><br>This also applies to many other blog software and also every system with a password database.<br><br>-- <br>Francesco Vaj [CISSP - GIAC]
<br>Senior Content Manipulation Consultant<br>mailto:<a href="mailto:vaj@nospam.xssworm.com">vaj@nospam.xssworm.com</a><br>aim: XSS Cross Site <br><br>XSS Worm: Cross Site Scripting Attacks<br>Wordpress Blog Password Hash Replay Information Portal (tm) 2007
<br><a href="http://www.XSSworm.com/">http://www.XSSworm.com/</a><br>--<br>"Vaj, bella vaj."