[wp-trac] [WordPress Trac] #5564: Non Plugin Files Can Be Easily
Included In Current Plugins using database Manipulation
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 1 21:58:39 GMT 2008
#5564: Non Plugin Files Can Be Easily Included In Current Plugins using database
Manipulation
-----------------------------+----------------------------------------------
Reporter: keithdsouza | Owner: anonymous
Type: defect | Status: new
Priority: highest omg bbq | Milestone: 2.5
Component: Security | Version:
Severity: critical | Keywords:
-----------------------------+----------------------------------------------
A non-plugin file can be easily added to active plugins by using database
manipulation: unserializing the data and serializing it back to the
database after adding new rows to the array.
Once a plugin file has been included inside the wp_options table under
option_name active_plugins, no additional checks are done other than
validating that the file exists and that it has no programmatic or fatal
errors.
This could be used to exploit users once a user gains access to the database,
either via a corrupt theme or plugin, as anyone having access to the DB
can manipulate the active_plugins column.
--
Ticket URL: <http://trac.wordpress.org/ticket/5564>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
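The ticket describes active_plugins as a PHP-serialized array in wp_options that WordPress includes without checking where the listed files live. The script below is an added example, not code from the ticket or from WordPress: it implements the unserialize/append/reserialize manipulation the reporter describes for the subset of PHP serialization that active_plugins uses (an array of integer-keyed strings), and a defender-side check that flags entries which are not plugin files under a known listing of wp-content/plugins. The sample option value, the plugin listing, and the function names (php_unserialize_string_array, add_active_plugin, suspicious_entries) are constructed for this example; the check is this example's own, not a check WordPress performs.

```python
from typing import List, Set

# Constructed sample: the value WordPress stores in wp_options.option_value
# for option_name = 'active_plugins'. Paths are relative to wp-content/plugins.
LEGIT_ACTIVE_PLUGINS = 'a:1:{i:0;s:19:"akismet/akismet.php";}'

# Constructed sample: a directory listing of wp-content/plugins on the site.
INSTALLED_PLUGIN_FILES: Set[str] = {"akismet/akismet.php", "hello.php"}


def php_unserialize_string_array(blob: str) -> List[str]:
    """Parse a PHP-serialized array of the form a:N:{i:K;s:L:"...";...}.

    Only the subset used by active_plugins is handled (integer keys, string
    values). String lengths in PHP serialization are byte counts, so the
    parsing works on UTF-8 bytes.
    """
    data = blob.encode("utf-8")
    if not data.startswith(b"a:"):
        raise ValueError("not a serialized PHP array")
    pos = 2
    end = data.index(b":", pos)
    count = int(data[pos:end])
    pos = end + 1
    if data[pos:pos + 1] != b"{":
        raise ValueError("expected '{' after element count")
    pos += 1
    items: List[str] = []
    for _ in range(count):
        if data[pos:pos + 2] != b"i:":
            raise ValueError("expected integer key")
        pos = data.index(b";", pos) + 1          # skip i:<n>;
        if data[pos:pos + 2] != b"s:":
            raise ValueError("expected string value")
        end = data.index(b":", pos + 2)
        length = int(data[pos + 2:end])
        pos = end + 1
        if data[pos:pos + 1] != b'"':
            raise ValueError("expected opening quote")
        pos += 1
        value = data[pos:pos + length]
        pos += length
        if data[pos:pos + 2] != b'";':
            raise ValueError("string length does not match payload")
        pos += 2
        items.append(value.decode("utf-8"))
    if data[pos:pos + 1] != b"}":
        raise ValueError("expected closing '}'")
    return items


def php_serialize_string_array(items: List[str]) -> str:
    """Inverse of php_unserialize_string_array for a list of strings."""
    body = "".join(
        'i:%d;s:%d:"%s";' % (i, len(s.encode("utf-8")), s)
        for i, s in enumerate(items)
    )
    return "a:%d:{%s}" % (len(items), body)


def add_active_plugin(serialized: str, path: str) -> str:
    """The manipulation from the ticket: unserialize, append a path, reserialize.

    Anyone who can UPDATE wp_options can write the result back, and WordPress
    will include the path on the next request as if it were a plugin.
    """
    items = php_unserialize_string_array(serialized)
    items.append(path)
    return php_serialize_string_array(items)


def suspicious_entries(serialized: str, installed: Set[str]) -> List[str]:
    """Defender check (this example's own): flag active_plugins entries that
    are absolute, traverse out of the plugins directory, are not .php files,
    or do not correspond to an installed plugin file."""
    flagged = []
    for entry in php_unserialize_string_array(serialized):
        parts = entry.replace("\\", "/").split("/")
        if (
            entry.startswith("/")
            or ".." in parts
            or not entry.endswith(".php")
            or entry not in installed
        ):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    tampered = add_active_plugin(LEGIT_ACTIVE_PLUGINS, "../uploads/image.php")
    print("tampered option_value:", tampered)
    print("flagged:", suspicious_entries(tampered, INSTALLED_PLUGIN_FILES))
```

Run the check against a dump of wp_options (for example the output of `SELECT option_value FROM wp_options WHERE option_name = 'active_plugins'`) and compare against the real plugins directory; an entry outside that listing is exactly the condition the ticket says WordPress does not detect.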