WordPress version 3.3.1 post authentication information disclosure vulnerability.
564e76972c3aaeb2b57fedf35fc7f39fbdd135b7a0590abe9b20675231c1fd45# TITLE ....... # Wordpress 3.3.1 post-auth information disclosure .... #
# DATE ........ # 17.02.2012 .......................................... #
# AUTOHR ...... # http://hauntit.blogspot.com ......................... #
# SOFT LINK ... # http://wordpress.org ................................ #
# VERSION ..... # 1.0.0 ............................................... #
# TESTED ON ... # LAMP ................................................ #
# ..................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...
#............................................#
# 1. What is this?
This is very nice CMS, You should try it! ;)
# 2. What is the type of vulnerability?
This vulnerability shows us full path to Wordpress installation on server.
Information disclosure bug.
Vulnerability can be triggered by users with 'subscriber' role.
For some cases bug is available for 'editor'-role users too.
# 3. Where is bug :)
Go to Your /wordpress/wp-admin/media-upload.php?type=image&tab='&post_id=6
You should see now something similar to:
"Fatal error: Maximum execution time of 30 seconds exceeded in
/path/to/your/wordpress/wp-includes/plugin.php on line 148."
So:
@Wordpress/wp-includes$ cat -n plugin.php | grep 148
148 array_pop($wp_current_filter);
Enjoy ;)
# 4. More...
- http://www.wordpress.org
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
# Best regards
#
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed