Re: [Full-disclosure] [EquipoFraude] Full Path Disclosure in most wordpress' plugins [?]

[Victor Antonio Torre Villahoz <vtorre@xxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This not only happens in the plugins, all files in wp-admin/import/ have
errors like it.

I'm fix it using:

if ( defined('WP_ADMIN') or defined('WP_USE_THEMES') ){
;//coninue
}
else{
die();
}


Fernando A. Lagos B. escribió:
> Exists an call to add_action() without validate with function_exists().
> When I run the php script directly, I get the full path of wp installation.
> 
> Example:
> [+] http://www.marco2010.cl/wp-content/plugins/akismet/akismet.php
> [+] http://www.marco2010.cl/wp-content/plugins/hello.php
> 
> 
> Is a bug? Is a feature?
> 
> More details posted in my blog:
> http://blog.zerial.org/seguridad/vulnerabilidad-en-la-mayoria-de-los-plugins-para-wordpress/
> (spanish)
> 
> 
> cheers.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


- --
Victor Antonio Torre
vtorre @ hispasec.com
PGP Key ID: 74FA965E
Hispasec Sistemas S.L
+34 902 161 025
29590 Málaga (Spain)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJKxp8qAAoJEO8OrbJ0+pZeCwgH/iISumx4AM7EYvebIT39U3L3
/W383B2oNkqYOpsIdb2nmLWoBXgpSWdnZNhZ6Oqy0OPvqMQQjT/DLW0DoXqMPHlT
MrF9ex7eJs6d0u17pMUiIHllqKg/pnWvNvPP2zwQ34L2JxdmesOcbCJ4+faRWfNg
PtPkEWhj44D7qXGNFSubWYbzTr/8nxd7sBjfjedhxDBsbmSKFVTuEAgAubCRaSpO
NQ3Fqls9bAUTBHGI9Yy5x/GQbqAa99v8Mvvb3BgZqQeV+cqxK4HDMqSwXPi7siFa
AODX4dndrEUo5VLoHftEpha2YGQtH7Q1N+C7wxCiupCw5mkT3lhMyx8vvRyHA+0=
=ZYwQ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/