[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] WordPress Authenticated File Upload Authorisation Bypass
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] WordPress Authenticated File Upload Authorisation Bypass
- From: Gage Bystrom <themadichib0d@xxxxxxxxx>
- Date: Thu, 21 Jun 2012 08:02:26 -0700
to me it seems like hes trying to say that someone with administrative
access has the ability to....have administrative access. Its like
saying "Hey guys! I found a local exploit and all it requires is to be
a root user!!!"
I'm not sure if he's trolling or just stupid.
On Thu, Jun 21, 2012 at 7:42 AM, Greg Knaddison
<greg.knaddison@xxxxxxxxxx> wrote:
> On Wed, Jun 20, 2012 at 8:04 PM, Denis Andzakovic
> <denis.andzakovic@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> Exploitation of this vulnerability requires a malicious user with
>> access to the admin panel to use the
>> "/wp-admin/plugin-install.php?tab=upload" page to upload a malicious
>> file.
>
>
> That tool is meant to allow an admin to upload arbitrary php plugins. You
> can argue that this feature is insecure by design, but there are two
> solutions from the WordPress perspective:
>
> 1) "Don't grant malicious users the permission to install plugins."
> 2) If you don't want this feature on your site at all, this feature can be
> disabled in the config define( 'DISALLOW_FILE_MODS', TRUE);
>
> By the way, two more "vulnerabilities" the theme installer has this same
> issue and the upgrade tool could also be abused if you can poison the DNS of
> the server.
>
> Regards,
> Greg
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/