Bugtraq mailing list archives
Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability
From: g30rg3_x <g30rg3x () gmail com>
Date: Thu, 23 Jul 2009 10:26:12 -0500
Hi Cru3l.b0y,

$plugin came from the $plugins array, which is filled by the glob function, which finds all "*.php" files that reside under "WPCACHEHOME . 'plugins/'"...

Snippet Code from wp-cache-phase1.php at version 0.8.3:

    $plugins = glob( WPCACHEHOME . 'plugins/*.php' );
    if( is_array( $plugins ) ) {
        foreach ( $plugins as $plugin ) {
            if( is_file( $plugin ) )
                require_once( $plugin );
        }
    }

Therefore there is no exploitable security vulnerability.

Regards

PS: Version 0.8.3 is too old, next time try the latest stable version (0.9.5 at the moment).

2009/7/22 Cru3l.b0y <cru3l.b0y () gmail com>:

Hi Dear,
I found a new bug. Please publish it. Thank you.
Best regards
_________________________ g30rg3_x
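
The check made in the reply above (where does the included variable get its value?) as an added example that is not part of the original message or of WP Super Cache: a regex-based triage helper that traces each variable passed to include/require back to the expression that fills it. The names origin and triage and the REQUEST_DRIVEN sample are hypothetical; it reads one file, takes the first assignment it finds, and does not follow function calls.

```python
import re

# Constructed inputs. QUOTED_LOADER is the snippet quoted in the reply above;
# REQUEST_DRIVEN is a hypothetical contrast, not WP Super Cache code.
QUOTED_LOADER = """
$plugins = glob( WPCACHEHOME . 'plugins/*.php' );
if( is_array( $plugins ) ) {
    foreach ( $plugins as $plugin ) {
        if( is_file( $plugin ) ) require_once( $plugin );
    }
}
"""
REQUEST_DRIVEN = """
$page = $_GET['page'];
include( $page . '.php' );
"""

INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*(\$\w+)")
FOREACH_RE = r"foreach\s*\(\s*(\$\w+)\s+as\s+(?:\$\w+\s*=>\s*)?{var}\s*\)"
ASSIGN_RE = r"{var}\s*=(?!=)\s*([^;]+);"
REQUEST_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")

def origin(src, var, depth=0):
    """Walk var back through foreach loops and copies to its filling expression."""
    if depth > 10:                        # guard against cyclic copies
        return None
    name = re.escape(var)
    loop = re.search(FOREACH_RE.format(var=name), src)
    if loop:                              # loop variable: follow the iterated array
        return origin(src, loop.group(1), depth + 1)
    assign = re.search(ASSIGN_RE.format(var=name), src)
    if not assign:
        return None
    expr = assign.group(1).strip()
    if re.fullmatch(r"\$\w+", expr) and not REQUEST_RE.search(expr):
        return origin(src, expr, depth + 1)   # plain copy ($a = $b;)
    return expr

def triage(src):
    """Return (variable, source expression, verdict) for each variable include."""
    findings = []
    for match in INCLUDE_RE.finditer(src):
        var = match.group(1)
        expr = origin(src, var)
        if expr is None:
            verdict = "unknown-source"
        elif REQUEST_RE.search(expr):
            verdict = "request-controlled"
        elif re.search(r"\$\w+", expr):
            verdict = "needs-review"      # built from other variables
        else:
            verdict = "no-request-input"  # constants and literals only
        findings.append((var, expr, verdict))
    return findings
```

A "no-request-input" verdict only says the path expression contains no request data; whether the directory it names is writable by untrusted users is a separate question this helper does not answer.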