| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Nov 2011 23:40:40 +0200
From: Henri Salo <henri@...v.fi>
To: bugtraq@...urityfocus.com
Cc: Amir@...st.ir
Subject: Re: Wordpress enable-latex plugin Remote File Include
Vulnerabilities
On Wed, Nov 23, 2011 at 12:30:58PM +0000, Amir@...st.ir wrote:
> a bug in Wordpress enable-latex plugin that allows to us to occur a Remote File Include on a Remote machin.
>
>
>
> ################################################################################################################################
> # #
> # Aria Security Team - Persian Network Security #
> # #
> # http://Aria-Security.Com/forum/ #
> # #
> ################################################################################################################################
> # #
> # Wordpress enable-latex plugin Remote File Include Vulnerabilities #
> # #
> # Download......: http://wordpress.org/extend/plugins/enable-latex/ #
> # #
> # Exploit.......: http://www.site.com/[path]/wp-content/plugins/enable-latex/core.php?url=[Rfi]? #
> # #
> # Google Search.: "Powered by Wordpress" #
> # #
> ################################################################################################################################
> # #
> # Bug Found.....: Aria-Security #
> # #
> # discovery.....: Am!r (IrIsT?) #
> # #
> # contact.......: Amir[at]IrIsT.ir #
> # #
> # SP TNX........: The-0utl4w & A.u.r.A & B3HZ4D & m3hdi & joker_s & all IrIsT And Aria-security members #
> # #
> ################################################################################################################################
I have now tested this with following versions:
WordPress: 3.2.1
Enable Latex: 1.1.2
I was unable to reproduce this issue. All I received back from application: "Sorry, you are not allowed to access this file directly.", which comes from core.class.php:
7 /* Prevent direct access to this file */
8 if (!defined('ABSPATH')) {
9 exit("Sorry, you are not allowed to access this file directly.");
10 }
This was added between revisions:
"""
------------------------------------------------------------------------
r467422 | sedLex | 2011-11-25 16:13:39 +0200 (Fri, 25 Nov 2011) | 1 line
bug
------------------------------------------------------------------------
r458335 | sedLex | 2011-11-01 19:00:07 +0200 (Tue, 01 Nov 2011) | 1 line
New version
"""
With version r458335 I am unable to reproduce this issue as these PHP-files just give require_once PHP warnings. Could you please help me with this issue to identify if this is valid announcement and with what versions, thank you.
- Henri Salo
Powered by blists - more mailing lists