[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

Dave Jones dave at technicacreative.co.uk
Wed Nov 11 18:57:03 UTC 2009


php_enable_exploits on ?

:D

Dave Jones
www.technicacreative.co.uk


On 11 Nov 2009, at 18:54, Otto wrote:

> To do that, you would just want test.php to output a image/jpeg mim
> header, followed by the jpeg binary data. No need for tricky clever
> naming tricks.
>
> I've been unable to get this to work on my local Apache install so
> far. test.php.jpg doesn't execute. Does anybody know the config needed
> to make this vulnerable?
>
> -Otto
> Sent from Memphis, TN, United States
>
>
> On Wed, Nov 11, 2009 at 11:54 AM, Jeremy Clarke <jer at simianuprising.com 
> > wrote:
>> On Wed, Nov 11, 2009 at 12:48 PM, Otto <otto at ottodestruct.com> wrote:
>>> This seems like an Apache configuration problem to me. There are no
>>> circumstances I can think of where I'd want test.php.jpg to be
>>> executed as PHP by Apache.
>>
>> I think the example would be if you were using php with GD or
>> something to output images on the fly (maybe with a caching layer in
>> the php). There must be some plugins out there that use this trick, I
>> know i've seen it before. It might be that this should be the
>> .htaccess hack and not the standard though.
>>
>> --
>> Jeremy Clarke
>> Code and Design | globalvoicesonline.org
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list