lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4FE351F9.7020307@upv.es>
Date: Thu, 21 Jun 2012 18:55:21 +0200
From: Hector Marco <hecmargi@....es>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: WordPress Authenticated File Upload
 Authorisation Bypass


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



1.- "WordPress Authenticated File Upload Authorisation Bypass" ... where
is the "Bypass" ?
2.- "A malicious user with access to the admin panel" .. this user does
not need any more :)



El 21/06/12 17:02, Gage Bystrom escribió:
> to me it seems like hes trying to say that someone with administrative
> access has the ability to....have administrative access. Its like
> saying "Hey guys! I found a local exploit and all it requires is to be
> a root user!!!"
>
> I'm not sure if he's trolling or just stupid.
>
> On Thu, Jun 21, 2012 at 7:42 AM, Greg Knaddison
> <greg.knaddison@...uia.com> wrote:
>> On Wed, Jun 20, 2012 at 8:04 PM, Denis Andzakovic
>> <denis.andzakovic@...urity-assessment.com> wrote:
>>>
>>> Exploitation of this vulnerability requires a malicious user with
>>> access to the admin panel to use the
>>> "/wp-admin/plugin-install.php?tab=upload" page to upload a malicious
>>> file.
>>
>>
>> That tool is meant to allow an admin to upload arbitrary php plugins. You
>> can argue that this feature is insecure by design, but there are two
>> solutions from the WordPress perspective:
>>
>> 1) "Don't grant malicious users the permission to install plugins."
>> 2) If you don't want this feature on your site at all, this feature can be
>> disabled in the config define( 'DISALLOW_FILE_MODS', TRUE);
>>
>> By the way, two more "vulnerabilities" the theme installer has this same
>> issue and the upgrade tool could also be abused if you can poison the
DNS of
>> the server.
>>
>> Regards,
>> Greg
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP41H2AAoJEKXHFbLwCyFqezcP/jO8GwraKDBoDhtJNTnkQFjS
ZOdlKj3yT6PcKJTAGyH+a4x1HBbRHtThHC9GOQm+Fzv/NJ/BYVeL495CeMVrxR/7
tCeirDTV0ek28qZmfdJbQy41GYaI9/JScjh+K8rEby5jOurnNGR0G4LARX9n3iBC
MZOarxVkmF5nkRf1Tc+PgqIa2mLHn8j1nNvm+pRVuXYMr3eYqwfZNUsudoZ6cliu
J2SIZja6kmltO6vuKw2VxY8Tv9W6U+RdRhvAUas4L+sjOrzJQ7N8NopvaPai3tf1
ZyZ0Z0Zo0/XujhdpYp0JmhAjyQx8ftu9mkMlsrwPYH+c4q078R8iTQXo6gfvveb6
93WtWPq0WUwfbKd/AHDuTJ3IRm07XuHPYwSoylA+3ugvuDqcIWhREfL3OZCKzw64
f35qcUfaI7fpNUG1uMVnbBpoYR4YOs7BEoB6AS+0JTy4qNBpSE8S6n2GgS0OpZ3w
qm1ClygSAbcJDqkM2Tsy9z43CJFF32FUCM3irgUZyhxYRPu7axyU4tASu+TyokHu
yTpWSgboMlb8oVvX6sznHdRqbbOKQesdZU6/1ZcyIDuMC7DD5dfx4/nD2lMVC16H
QW8vG5q9E1IpfXGbrpG5lOayRuaUGgpD72whziuO7tqx+at/cTegKXQvn+qthn3f
y9DYJ+1afNMjsSFOty2y
=Q43y
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ