[wp-trac] Re: [WordPress Trac] #9185: cordon off all non-entry points from the public
WordPress Trac
wp-trac at lists.automattic.com
Mon Feb 23 19:55:24 GMT 2009
#9185: cordon off all non-entry points from the public
-----------------------------+----------------------------------------------
 Reporter:  jidanni          |       Owner:  ryan
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  2.9
Component:  Security         |     Version:  2.7
 Severity:  normal           |    Keywords:  2nd-opinion dev-feedback
-----------------------------+----------------------------------------------
Comment(by jidanni):
Even arbitrary execution of my well-intentioned
http://abj.jidanni.org/articles/wp-content/themes/jidanni/index.php
jammed an error message into a <title>
<title><br /> <b>Fatal error</b>: Call to undefined function
wp_title() in
<b>/home/jidanni/abj.jidanni.org/articles/wp-content/themes/jidanni/index.php</b>
One might imagine longer such strings ending up in <title>s etc.
crashing people's browsers or overflowing stacks leading to arbitrary
code execution...
Firefox was immune but emacs-w3m fell for it.
Then of course there are poorly written 3rd party plugins, or maybe
even with backdoors using overflows and <script> etc. achieving XSS
and other things over my head, (so sorry for the FUD if I'm wrong.)
Or perhaps just a one-liner that when executed prints wp-config.php,
exposing passwords.
OK, all of this could be done by different routes, except maybe the
XSS.
Anyway, mainly I notice MediaWiki even has an includes/FakeTitle.php
{{{
* Fake title class that triggers an error if any members are called
}}}
which I don't understand, but implies that MediaWiki are serious about
security...
It is some kind of double entry point protection...
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9185#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
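
Added example, not part of the original comment or of WordPress itself: a heuristic audit that lists PHP files under wp-content which can be requested directly because they do not begin with the conventional `defined('ABSPATH')` guard, the situation that produced the path-disclosing fatal error quoted above. The sample tree and file names are constructed, and the check assumes the guard is the first statement in the file.

```python
import re
import tempfile
from pathlib import Path

# Strip comments first so a guard that exists only inside a comment is not counted.
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# The guard must be the first statement after the opening tag; two common spellings.
GUARD = re.compile(
    r"""^<\?php\s*
        (?: if\s*\(\s*!\s*defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*\)\s*\{?\s*(?:exit|die)\b
          | defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*(?:\|\||or)\s*(?:exit|die)\b )""",
    re.X | re.I,
)

def has_guard(source: str) -> bool:
    """True if the file refuses to run unless WordPress has already been loaded."""
    code = COMMENT.sub("", source).lstrip("\ufeff \t\r\n")
    return GUARD.match(code) is not None

def unguarded_files(root: Path) -> list[str]:
    """Relative paths of .php files that execute code when requested directly."""
    hits = []
    for path in sorted(root.rglob("*.php")):
        if not has_guard(path.read_text(encoding="utf-8", errors="replace")):
            hits.append(path.relative_to(root).as_posix())
    return hits

# Constructed sample tree (hypothetical theme and plugin, not real code).
SAMPLE = {
    "themes/example/index.php":
        "<?php\n/* Theme template */\n?><title><?php wp_title(); ?></title>\n",
    "themes/example/functions.php":
        "<?php\n// helpers\nif ( ! defined( 'ABSPATH' ) ) {\n    exit;\n}\nfunction example_setup() {}\n",
    "plugins/example/example.php": "<?php\ndefined('ABSPATH') || exit;\n",
    "plugins/example/lib.php": "<?php\n// if (!defined('ABSPATH')) exit;\necho 'loaded';\n",
}

def demo() -> list[str]:
    """Write the sample tree to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in SAMPLE.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return unguarded_files(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Files it reports are candidates for a guard at the top of the file or for a web-server rule denying direct requests; turning off `display_errors` in production separately keeps filesystem paths out of any error output.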