WordPress Tierra Audio Path Disclosure

2012.09.13

Credit: Dark-Puzzle

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Title 	: Wordpress-Tierra Audio Full Path Disclosure/Directory Listing Vulnerabilities.
# Author	: Dark-Puzzle (Souhail Hammou) 	
# Date  	: 14th September 2012
# Risk 		: Low
# Tested On : Windows XP SP3 - Fr & Backtrack 5 R3
# Greetings : Inj3ct0rs - Offensive Security - Security Focus - Packetstorm Security .
# Contact Me: http://www.facebook.com/dark-puzzle OR dark-puzzle@live.fr

############################################################

Tierra Audio Plugins Is prone to two vulnerabilities . 
To Disclosure the full path you will have to open the file "audio-playlist-manager.php" without an 'id' parameter .
The origin of this problem is some scripting mistakes .

Example :

http://www.saxxxxxxxima.info/wp-content/plugins/tierra-audio-with-autoresume/audio-playlist-manager.php

#############################################################

In Addition you can navigate the tierra plugin directory easily :

Example :

http://gxxxxxnex.tv/wp-content/plugins/tierra-audio-with-autoresume/

##################################
Solution : 
.htaccess must be certainly edited to avoid the directory listing problem .
#################################
			

#Datasec Team .

References:

http://www.facebook.com/dark-puzzle

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Tierra Audio Path Disclosure

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.