WordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.
eb8bf13ce083445d9f8934609a93b31fdbda0da617aced0b90568a7a46902d18# Title : Wordpress-Tierra Audio Full Path Disclosure/Directory Listing Vulnerabilities.
# Author : Dark-Puzzle (Souhail Hammou)
# Date : 14th September 2012
# Risk : Low
# Tested On : Windows XP SP3 - Fr & Backtrack 5 R3
# Greetings : Inj3ct0rs - Offensive Security - Security Focus - Packetstorm Security .
# Contact Me: http://www.facebook.com/dark-puzzle OR dark-puzzle@live.fr
############################################################
Tierra Audio Plugins Is prone to two vulnerabilities .
To Disclosure the full path you will have to open the file "audio-playlist-manager.php" without an 'id' parameter .
The origin of this problem is some scripting mistakes .
Example :
http://www.samabima.info/wp-content/plugins/tierra-audio-with-autoresume/audio-playlist-manager.php
#############################################################
In Addition you can navigate the tierra plugin directory easily :
Example :
http://gotconnex.tv/wp-content/plugins/tierra-audio-with-autoresume/
##################################
Solution :
.htaccess must be certainly edited to avoid the directory listing problem .
#################################
#Datasec Team .
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed