| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <007801ce5cad$27966b70$9b7a6fd5@pc> Date: Wed, 29 May 2013 23:42:55 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>, "1337 Exploit DataBase" <mr.inj3ct0r@...il.com> Subject: FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress Hello list! These are Full path disclosure and Security bypass vulnerabilities in Exploit Scanner for WordPress. This is security plugin for detecting exploits and backdoors in WordPress. Which failed to identify my Backdoored Web Application (BWA) - a reference test of backdoor scanners (released in December). Last week I've published article "Backdoor scanners testing among plugins for WordPress" (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-May/008832.html). In which I described the results of the testing of multiple plugins-scanners for WordPress and described methods of bypassing all of these scanners. Exploit Scanner was the most bypassable scanner among tested plugins. ------------------------- Affected products: ------------------------- Exploit Scanner for WordPress 1.3.3 and previous versions. Tested in Exploit Scanner 0.95, 1.0.4 and 1.3.3. ------------------------- Affected vendors: ------------------------- Exploit Scanner http://wordpress.org/plugins/exploit-scanner/ ---------- Details: ---------- Full path disclosure (WASC-13): http://site/wp-content/plugins/exploit-scanner/exploit-scanner.php Security bypass (WASC-31): This security bypass allows to inject php backdoor into web site (for executing OS commands), which will not be identified by the plugin. All details about detecting BWA by different versions of the plugin and methods of their bypass are described in my article. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists