Full path disclosure в WordPress

23:54 29.03.2008

В минулому році була виявлена Full path disclosure уразливість в WordPress. Вразливі різні версії WordPress: гілки 2.0.x, 2.1.x, 2.2.x та 2.3.x. Бо, як я вже писав, розробники Вордпреса не бажають виправляти дані уразливості.

Full path disclosure:

http://site/wp-includes/vars.php

В минулому році було виявлено чимало подібних уразливостей в WP. Я раніше писав про інші знайдені подібні дірки, а також писав про велику кількість знайденних мною Full path disclosure уразливостей.


2 відповідей на “Full path disclosure в WordPress”

  1. beford каже:

    cool FPD. Most people don’t care about this kind of bugs, they dont consider important the fact that most of the time this information allows attackers to know their FTP username ;)

  2. MustLive каже:

    beford

    Yes, people mostly don’t care about full path disclosure holes. As it can be seen from my articles ”Warning” Google hacking (there are millions of such holes in Internet ;-) ).

    From FPD vulnerabilities it’s very often possible to find FTP login, also it’s often possible to find DB login (such as MySQL) and even database name (sometimes DB name and login are identical). And main information leakage from FPD - it is path at server, which can be used for Directory Traversal and Local Inclusion attacks.

    P.S.

    This FPD - it’s old hole, which was disclosed last year (and I just found time to wrote about it). There are many other full path disclosure holes in WP which were disclosed in 2007 year (and I wrote about them). I also found many such holes in WordPress last year, like I wrote in this post, and you can look at them at next posts:

    http://websecurity.com.ua/1634/
    http://websecurity.com.ua/1679/
    http://websecurity.com.ua/1683/
    http://websecurity.com.ua/1687/

Leave a Reply

You must be logged in to post a comment.