New WordPress vuln emerges

[Fi8sVrs]

W3 Total Cache has faulty defaults

Sorry to spoil the day for any sysadmins that thought today would be a slow day, but a security researcher has announced a serious vulnerability in the default configuration of a popular WordPress plugin.

W3 Total Cache, which boasts high-traffic sites like Mashable and Lockergnome among its users, has serious vulnerabilities, according to this post on the Full Disclosure list.

The default setup – that is, when users simply choose “add plugin” from the WordPress catalogue – left cache directory listings enabled, according to poster Jason Donenfield.

This, he said, allows database cache keys to be downloaded on vulnerable installations – and that could expose password hashes. “A simple google search of

inurl:wp-content/plugins/w3tc/dbcache

and maybe some other magic reveals this wasn't just an issue for me”, he writes.

Donenfield later amended the search term to

inurl:wp-content/w3tc

“Even with directory listings off,” he continues, “cache files are by default publicly downloadable, and the key values / file name of the database cache items are easily predictable.”

Donenfield says the developer of the plug-in intends to release a fix “soon”. In the meantime, he notes that “deny from all” should be set in the .htaccess file. ®

via New WordPress vuln emerges • The Register

[Nexus4]

Multumesc, aveam nevoie.

Edited December 28, 2012 by Nexus4

[boogy]

Aici este si script-ul cu care poti ataca : https://rstforums.com/forum/62396-wordpress-w3-total-cache-data-disclosure.rst?highlight=WordPress

[Robert1995]

Nu stie nimeni o vulneratibilitate in wordpress, se creeaza N fisiere core.00001, core.00002 ... core.13000

[boogy]

Au scos deja o noua versiune care corijaza vulnerabilitatea: WordPress plugin W3 Total Cache critical Vulnerability disclosed - Hacker News , Security updates

Quote: WordPress plugin W3 Total Cache updated to version 0.9.2.5 with fix for above vulnerability.

Edited December 29, 2012 by boogy