Active Members Fi8sVrs Posted December 28, 2012 Active Members Report Share Posted December 28, 2012 W3 Total Cache has faulty defaultsSorry to spoil the day for any sysadmins that thought today would be a slow day, but a security researcher has announced a serious vulnerability in the default configuration of a popular WordPress plugin.W3 Total Cache, which boasts high-traffic sites like Mashable and Lockergnome among its users, has serious vulnerabilities, according to this post on the Full Disclosure list.The default setup – that is, when users simply choose “add plugin” from the WordPress catalogue – left cache directory listings enabled, according to poster Jason Donenfield.This, he said, allows database cache keys to be downloaded on vulnerable installations – and that could expose password hashes. “A simple google search of inurl:wp-content/plugins/w3tc/dbcache and maybe some other magic reveals this wasn't just an issue for me”, he writes.Donenfield later amended the search term to inurl:wp-content/w3tc“Even with directory listings off,” he continues, “cache files are by default publicly downloadable, and the key values / file name of the database cache items are easily predictable.”Donenfield says the developer of the plug-in intends to release a fix “soon”. In the meantime, he notes that “deny from all” should be set in the .htaccess file. ®via New WordPress vuln emerges • The Register Quote Link to comment Share on other sites More sharing options...
Nexus4 Posted December 28, 2012 Report Share Posted December 28, 2012 (edited) Multumesc, aveam nevoie. Edited December 28, 2012 by Nexus4 Quote Link to comment Share on other sites More sharing options...
boogy Posted December 28, 2012 Report Share Posted December 28, 2012 Aici este si script-ul cu care poti ataca : https://rstforums.com/forum/62396-wordpress-w3-total-cache-data-disclosure.rst?highlight=WordPress 1 Quote Link to comment Share on other sites More sharing options...
Robert1995 Posted December 29, 2012 Report Share Posted December 29, 2012 Nu stie nimeni o vulneratibilitate in wordpress, se creeaza N fisiere core.00001, core.00002 ... core.13000 Quote Link to comment Share on other sites More sharing options...
boogy Posted December 29, 2012 Report Share Posted December 29, 2012 (edited) Au scos deja o noua versiune care corijaza vulnerabilitatea: WordPress plugin W3 Total Cache critical Vulnerability disclosed - Hacker News , Security updatesQuote: WordPress plugin W3 Total Cache updated to version 0.9.2.5 with fix for above vulnerability. Edited December 29, 2012 by boogy Quote Link to comment Share on other sites More sharing options...
