[wp-hackers] Possible vulnerability with the plugin system

John Blackbourn johnbillion+wp at gmail.com
Thu Dec 6 21:37:19 GMT 2007


Otto, I've already tried the ../ trick and thankfully there is
protection against this. It only allows you to include files
within the wp-content/plugins directory.

On Dec 6, 2007 9:31 PM, Otto <otto at ottodestruct.com> wrote:
> Could this still be potentially dangerous with the .. modifier?
> Basically this will allow them to execute any PHP file on your server
> in your context, no? Might be an issue with shared servers.
>
> http://www.example.com/wp-admin/options.php?page=../../../badguy/badscript.php
>
> On 12/6/07, Andy Skelton <skeltoac at gmail.com> wrote:
> > Super-interesting: http://www.sitepoint.com/blogs/2006/10/06/php-mapreduce/
> >
> > Clicking "This search" in that article, I found the exact code at
> > issue in this Hackers thread. Fortunately the $_GET parameter is
> > appended to a known path, rendering this exploit unusable.
> >
> > Cheers,
> > Andy
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>


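The thread above turns on one detail: the page parameter is appended to a fixed plugins directory, and "../" is rejected, so the request cannot escape wp-content/plugins. The following is an added example of how such a containment check can be written and tested; it is not the WordPress code discussed in the thread and does not claim to reproduce it. The function name resolve_plugin_page, the PLUGINS_DIR constant and the temporary directory layout are assumptions for illustration only.

```php
<?php
// Added example, not WordPress code: resolve a user-supplied "page" value
// against a fixed plugins directory and refuse anything that escapes it.
// Function name, constant and paths are assumptions for illustration.

const PLUGINS_DIR = '/var/www/wp-content/plugins'; // assumed base directory

/**
 * Return the canonical absolute path of $page inside $base, or null when
 * the request would resolve outside the plugins tree (via "../" segments
 * or a symlink), contains a NUL byte, is absolute, or does not exist.
 */
function resolve_plugin_page(string $page, string $base = PLUGINS_DIR): ?string
{
    // Reject empty values, NUL bytes and absolute paths before touching the filesystem.
    if ($page === '' || strpos($page, "\0") !== false || $page[0] === '/') {
        return null;
    }

    $base_real = realpath($base);
    if ($base_real === false) {
        return null; // base directory missing: nothing can be safely included
    }

    // Appending to a known prefix alone is not enough, because include()
    // still honours "../" segments. realpath() collapses them and follows
    // symlinks, so the canonical result is what gets compared.
    $candidate = realpath($base_real . '/' . $page);
    if ($candidate === false) {
        return null; // target does not exist
    }

    // Containment check: the canonical path must start with base plus a
    // separator, so a sibling such as ".../plugins-evil/x.php" is not
    // mistaken for something under ".../plugins".
    $prefix = rtrim($base_real, '/') . '/';
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Demonstration against a constructed temporary directory tree.
$tmp = sys_get_temp_dir() . '/plugins_demo_' . getmypid();
mkdir("$tmp/plugins/myplugin", 0700, true);
mkdir("$tmp/badguy", 0700, true);
file_put_contents("$tmp/plugins/myplugin/page.php", "<?php\n");
file_put_contents("$tmp/badguy/badscript.php", "<?php\n");

// Constructed inputs: the first should be allowed, every other one blocked.
$inputs = [
    'myplugin/page.php',
    '../badguy/badscript.php',
    '../../../badguy/badscript.php',
    'myplugin/../../badguy/badscript.php',
    "myplugin/page.php\0.txt",
    '/etc/passwd',
];
foreach ($inputs as $page) {
    $result = resolve_plugin_page($page, "$tmp/plugins");
    printf("%-40s %s\n", addcslashes($page, "\0"),
        $result === null ? 'blocked' : 'allowed: ' . $result);
}

// Clean up the constructed tree.
unlink("$tmp/plugins/myplugin/page.php");
unlink("$tmp/badguy/badscript.php");
rmdir("$tmp/plugins/myplugin");
rmdir("$tmp/plugins");
rmdir("$tmp/badguy");
rmdir($tmp);
```

Run it with php on the command line; only the first input resolves, the traversal variants (including the one quoted in Otto's URL), the NUL-byte variant and the absolute path all come back blocked. The check relies on comparing canonical paths rather than on stripping "../" from the string, which is the property the thread says makes the exploit unusable.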