WARNING! Fake news / Disputed / BOGUS

WordPress 3.3.1 Post-Auth Information Disclosure

2012.03.12
Credit: hauntit
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# TITLE ....... # Wordpress 3.3.1 post-auth information disclosure .... # # DATE ........ # 17.02.2012 .......................................... # # AUTOHR ...... # http://hauntit.blogspot.com ......................... # # SOFT LINK ... # http://wordpress.org ................................ # # VERSION ..... # 1.0.0 ............................................... # # TESTED ON ... # LAMP ................................................ # # ..................................................................... # # 1. What is this? # 2. What is the type of vulnerability? # 3. Where is bug :) # 4. More... #............................................# # 1. What is this? This is very nice CMS, You should try it! ;) # 2. What is the type of vulnerability? This vulnerability shows us full path to Wordpress installation on server. Information disclosure bug. Vulnerability can be triggered by users with 'subscriber' role. For some cases bug is available for 'editor'-role users too. # 3. Where is bug :) Go to Your /wordpress/wp-admin/media-upload.php?type=image&tab='&post_id=6 You should see now something similar to: "Fatal error: Maximum execution time of 30 seconds exceeded in /path/to/your/wordpress/wp-includes/plugin.php on line 148." So: @Wordpress/wp-includes$ cat -n plugin.php | grep 148 148 array_pop($wp_current_filter); Enjoy ;) # 4. More... - http://www.wordpress.org - http://hauntit.blogspot.com - http://www.google.com - http://portswigger.net # Best regards #

References:

http://www.wordpress.org


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top