[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
- To: Amir@xxxxxxxx
- Subject: Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
- From: Henri Salo <henri@xxxxxxx>
- Date: Sat, 3 Dec 2011 14:21:52 +0200
On Wed, Nov 23, 2011 at 12:30:58PM +0000, Amir@xxxxxxxx wrote:
> a bug in Wordpress enable-latex plugin that allows to us to occur a Remote
> File Include on a Remote machin.
>
>
>
> ################################################################################################################################
> #
> #
> # Aria Security Team - Persian Network Security
> #
> #
> #
> # http://Aria-Security.Com/forum/
> #
> #
> #
> ################################################################################################################################
> #
> #
> # Wordpress enable-latex plugin Remote File Include Vulnerabilities
> #
> #
> #
> # Download......: http://wordpress.org/extend/plugins/enable-latex/
> #
> #
> #
> # Exploit.......:
> http://www.site.com/[path]/wp-content/plugins/enable-latex/core.php?url=[Rfi]?
> #
> #
> #
> # Google Search.: "Powered by Wordpress"
> #
> #
> #
> ################################################################################################################################
> #
> #
> # Bug Found.....: Aria-Security
> #
> #
> #
> # discovery.....: Am!r (IrIsT?)
> #
> #
> #
> # contact.......: Amir[at]IrIsT.ir
> #
> #
> #
> # SP TNX........: The-0utl4w & A.u.r.A & B3HZ4D & m3hdi & joker_s & all IrIsT
> And Aria-security members #
> #
> #
> ################################################################################################################################
Amir please stop posting to bugtraq. This was third false-positive or you are
testing with unsecure www-server/browser. If you for example had
global_register disabled you should say this in your advisory so people don't
worry for nothing. This also creates negative reputation to plugins without no
good reason. You also don't follow good policy to notify vendors before posting
to public mailing-list. They should have few weeks to months of time to fix
these issues and coordinate if necessary.
http://wordpress.org/support/topic/plugin-enable-latex-false-positive-remote-file-include-vulnerability
Please note that I am not trying to be offensive here. You should definately
continue your research and intrest in information security. Please contact me
if you need verification of issues. I am more than happy to help you!
- Henri Salo