Коментарі для запису: Full path disclosure в WordPress http://websecurity.com.ua/1973/ Sun, 19 Apr 2026 02:57:07 +0000 http://wordpress.org/?v=MustLive Edition від: MustLive http://websecurity.com.ua/1973/#comment-119857 Mon, 07 Apr 2008 20:55:16 +0000 http://websecurity.com.ua/1973/#comment-119857 <strong>beford</strong> Yes, people mostly don't care about full path disclosure holes. As it can be seen from my articles <a href="/1938/" rel="nofollow">”Warning” Google hacking</a> (there are millions of such holes in Internet ;-)). From FPD vulnerabilities it's very often possible to find FTP login, also it's often possible to find DB login (such as MySQL) and even database name (sometimes DB name and login are identical). And main information leakage from FPD - it is path at server, which can be used for Directory Traversal and Local Inclusion attacks. P.S. This FPD - it's old hole, which was disclosed last year (and I just found time to wrote about it). There are many other full path disclosure holes in WP which were disclosed in 2007 year (and I wrote about them). I also found many such holes in WordPress last year, like I wrote in this post, and you can look at them at next posts: http://websecurity.com.ua/1634/ http://websecurity.com.ua/1679/ http://websecurity.com.ua/1683/ http://websecurity.com.ua/1687/ beford

Yes, people mostly don’t care about full path disclosure holes. As it can be seen from my articles ”Warning” Google hacking (there are millions of such holes in Internet ;-) ).

From FPD vulnerabilities it’s very often possible to find FTP login, also it’s often possible to find DB login (such as MySQL) and even database name (sometimes DB name and login are identical). And main information leakage from FPD - it is path at server, which can be used for Directory Traversal and Local Inclusion attacks.

P.S.

This FPD - it’s old hole, which was disclosed last year (and I just found time to wrote about it). There are many other full path disclosure holes in WP which were disclosed in 2007 year (and I wrote about them). I also found many such holes in WordPress last year, like I wrote in this post, and you can look at them at next posts:

http://websecurity.com.ua/1634/
http://websecurity.com.ua/1679/
http://websecurity.com.ua/1683/
http://websecurity.com.ua/1687/

]]> від: beford http://websecurity.com.ua/1973/#comment-118639 Mon, 31 Mar 2008 07:47:04 +0000 http://websecurity.com.ua/1973/#comment-118639 cool FPD. Most people don't care about this kind of bugs, they dont consider important the fact that most of the time this information allows attackers to know their FTP username ;) cool FPD. Most people don’t care about this kind of bugs, they dont consider important the fact that most of the time this information allows attackers to know their FTP username ;)

]]>