[wp-hackers] WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
Dave Jones
dave at technicacreative.co.uk
Thu Nov 12 16:43:00 UTC 2009
Ah OK, I don't use cPanel though have done in the past and yes it is
very popular and widespread.
This could probably be considered a bug/issue with cPanel WHM as much
as WordPress then?
Dave Jones
www.technicacreative.co.uk
On 12 Nov 2009, at 16:40, Ken Newman wrote:
> I have replicated this behavior, as in executed info.php.jpg on a
> server running from a popular hosting company. (Is it appropriate to
> list hosts here?) I figured out which host to test from the previous
> message from Lynne Pope:
>
> I just learned that Multiviews are enabled by default and that this
> is the config for WHM/cPanel servers.
>
> So I went to a client's site (one of our only clients with a cPanel
> host; going to switch them to our normal host soon.) and tested it.
> I was surprised that it worked on such a popular host.
>
> If you want to test this out, Dave Jones or Otto, you'll probably
> have to use a host with WHM/cPanel.
>
> On 11/12/2009 11:25 AM, Dave Jones wrote:
>> I'm slightly confused since I thought the exploit allowed arbitrary
>> execution of PHP on the server. This is much worse than an XSS
>> JavaScript exploit since PHP could potentially send spam emails,
>> execute a DDOS attack, delete your public_html directory from the
>> server or whatever.
>>
>> I have no doubt that fixing this exploit is a good thing, however I
>> feel it slightly misses the point. That said, I have been unable
>> to replicate this exploit in the wild, even with Options +MultiViews.
>>
>> This is clearly an Apache/mis-configuration issue and if fixed in
>> WP will remain unfixed in countless other web applications. It
>> would be far better to ensure your host correctly configures Apache
>> and doesn't leave security holes in the server, or move to a host
>> that does!
>>
>>
>> Dave Jones
>> www.technicacreative.co.uk
>>
>>
>> On 12 Nov 2009, at 16:18, Jacob Santos wrote:
>>
>>> Okay, good news, we've fixed the extension exploit and then will
>>> have to wait another 6 to 8 months while another XSS attack shows
>>> up about people adding images executing JavaScript on their
>>> servers (which isn't completely bad since most / all
>>> administrative tasks require a nonce).
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
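The test file named in the thread, info.php.jpg, carries a PHP extension in a non-final position of its name. As an added example (not part of the thread and not WordPress or cPanel code), the Python audit below lists files under an uploads directory whose names contain a PHP-like extension anywhere after the base name; the extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions a server might map to the PHP handler; adjust to match
# the handler/type mappings in the server's own configuration.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phps"}


def php_extension_in_name(filename):
    """Return the first PHP-like extension found in the name, or None.

    Every dot-separated component after the base name is checked, so
    info.php.jpg is reported as well as a plain info.php.
    """
    parts = filename.lower().split(".")
    for ext in parts[1:]:
        if ext in PHP_EXTENSIONS:
            return ext
    return None


def audit_uploads(root):
    """Walk root and return sorted (relative_path, extension) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = php_extension_in_name(name)
            if ext:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), ext))
    return sorted(findings)


def demo():
    """Build a constructed uploads tree in a temp directory and audit it."""
    sample = ["2009/11/photo.jpg", "2009/11/info.php.jpg",
              "2009/11/notes.PHTML.txt", "2009/11/archive.tar.gz", "old.php"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_uploads(root)


if __name__ == "__main__":
    for rel, ext in demo():
        print(f"{rel}: contains .{ext}")
```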