Date: Thu, 21 Jun 2012 18:55:21 +0200
From: Hector Marco <hecmargi@....es>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: WordPress Authenticated File Upload Authorisation Bypass


1.- "WordPress Authenticated File Upload Authorisation Bypass" ... where
is the "Bypass"?
2.- "A malicious user with access to the admin panel" ... this user does
not need any more :)



On 21/06/12 17:02, Gage Bystrom wrote:
> To me it seems like he's trying to say that someone with administrative
> access has the ability to....have administrative access. It's like
> saying "Hey guys! I found a local exploit and all it requires is to be
> a root user!!!"
>
> I'm not sure if he's trolling or just stupid.
>
> On Thu, Jun 21, 2012 at 7:42 AM, Greg Knaddison
> <greg.knaddison@...uia.com> wrote:
>> On Wed, Jun 20, 2012 at 8:04 PM, Denis Andzakovic
>> <denis.andzakovic@...urity-assessment.com> wrote:
>>>
>>> Exploitation of this vulnerability requires a malicious user with
>>> access to the admin panel to use the
>>> "/wp-admin/plugin-install.php?tab=upload" page to upload a malicious
>>> file.
>>
>>
>> That tool is meant to allow an admin to upload arbitrary php plugins. You
>> can argue that this feature is insecure by design, but there are two
>> solutions from the WordPress perspective:
>>
>> 1) "Don't grant malicious users the permission to install plugins."
>> 2) If you don't want this feature on your site at all, this feature can be
>> disabled in the config define( 'DISALLOW_FILE_MODS', TRUE);
>>
>> By the way, two more "vulnerabilities": the theme installer has this same
>> issue and the upgrade tool could also be abused if you can poison the DNS of
>> the server.
>>
>> Regards,
>> Greg
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/

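The second mitigation quoted in the thread, `define( 'DISALLOW_FILE_MODS', TRUE);`, can be audited without running PHP. The following Python check is an added example, not part of the original thread or of WordPress; the function names and the sample config are constructed, and it assumes that WordPress only tests the constant for truthiness and that PHP keeps the first `define()` of a constant.

```python
import re

# Constructed sample wp-config.php fragment (not from a real site).
SAMPLE = """<?php
define( 'WP_HOME', 'http://example.test' );  // URL contains "//"
// define( 'DISALLOW_FILE_MODS', false );
define( 'DISALLOW_FILE_MODS', TRUE);
"""

# Matches PHP string literals (group 1, kept) or comments (dropped), so that
# "//" inside a quoted URL is not mistaken for the start of a comment.
_TOKEN = re.compile(r"""
    ('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
  | /\*.*?\*/ | //[^\n]* | \#[^\n]*
""", re.S | re.X)

# define( 'DISALLOW_FILE_MODS', <value> ); the function name is case-insensitive.
_DEFINE = re.compile(
    r"""\b(?i:define)\s*\(\s*(['"])DISALLOW_FILE_MODS\1\s*,\s*(.+?)\s*\)\s*;""", re.S)

def strip_comments(php_source):
    return _TOKEN.sub(lambda m: m.group(1) or " ", php_source)

def php_truthy(literal):
    """Return True/False for a simple PHP literal, None for any other expression."""
    if re.fullmatch(r"(?i)true|false", literal):
        return literal.lower() == "true"
    if re.fullmatch(r"-?\d+", literal):
        return int(literal) != 0
    m = re.fullmatch(r"""(['"])(.*)\1""", literal, re.S)
    if m:  # PHP treats every string except "" and "0" as true, even 'false'
        return m.group(2) not in ("", "0")
    return None

def file_mods_status(php_source):
    """Return 'disabled', 'allowed' or 'unknown' for the plugin/theme installers."""
    m = _DEFINE.search(strip_comments(php_source))  # first define() wins
    if m is None:
        return "allowed"  # constant absent: upload and upgrade pages stay enabled
    truth = php_truthy(m.group(2))
    if truth is None:
        return "unknown"  # value computed at runtime; needs manual review
    return "disabled" if truth else "allowed"

if __name__ == "__main__":
    print(file_mods_status(SAMPLE))
```

A result of `unknown` means the value is an expression the script does not evaluate, so the site has to be checked by hand.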
