[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability
From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Jul 2009 21:29:10 +0300

Hello Bugtraq!

Vulnerability "wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion
Vulnerability" is non-working. Because mentioned RFI doesn't exist.

Cru3l.b0y, please, always check all vulnerabilities which you find. As I
already said to author of fake vulnerability in WordPress Plugin Related
Sites 2.1 (http://websecurity.com.ua/3281/), no need to litter security
space in Internet with non-working vulnerabilities.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Cru3l.b0y (cru3l b0y gmail com)

Hi Dear,
I found a new bug. please publish it.
thank you
best regards
========================================================================
===================

[o] wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion
Vulnerability

Software : WP Super Cache v0.8.3

Vendor : http://wordpress.org/

Download : http://downloads.wordpress.org/plugin/wp-super-cache.0.8.3.zip

Author : Cru3l.b0y

Home : WwW.DeltaHacking.Net

Description : A very fast caching engine for WordPress that produces
static html files.

========================================================================
===================

[o] Vulnerable file

wp-cache-phase1.php

require_once( $plugin );

[o] Exploit

http://localhost/[path]/wp-cache-phase1.php?plugin=shell



!DSPAM:4a68ac2539181554220484!

Prev by Date: Stored XSS on Communigate Pro 5.2.14 and prior versions
Next by Date: Re: Re: Back door trojan in acajoom-3.2.6 for joomla
Previous by thread: Stored XSS on Communigate Pro 5.2.14 and prior versions
Next by thread: [USN-806-1] Python vulnerabilities
Index(es):
- Date
- Thread