Bugtraq mailing list archives
Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
From: Henri Salo <henri () nerv fi>
Date: Wed, 30 Nov 2011 23:40:40 +0200
On Wed, Nov 23, 2011 at 12:30:58PM +0000, Amir () irist ir wrote:
> a bug in Wordpress enable-latex plugin that allows us to cause a Remote File Include on a remote machine.
>
> ######################################################################
> #  Aria Security Team - Persian Network Security
> #  http://Aria-Security.Com/forum/
> ######################################################################
> #  Wordpress enable-latex plugin Remote File Include Vulnerabilities
> #  Download......: http://wordpress.org/extend/plugins/enable-latex/
> #  Exploit.......: http://www.site.com/[path]/wp-content/plugins/enable-latex/core.php?url=[Rfi]?
> #  Google Search.: "Powered by Wordpress"
> ######################################################################
> #  Bug Found.....: Aria-Security
> #  discovery.....: Am!r (IrIsT?)
> #  contact.......: Amir[at]IrIsT.ir
> #  SP TNX........: The-0utl4w & A.u.r.A & B3HZ4D & m3hdi & joker_s & all IrIsT And Aria-security members
> ######################################################################

I have now tested this with the following versions:

WordPress: 3.2.1
Enable Latex: 1.1.2

I was unable to reproduce this issue. All I received back from the application was "Sorry, you are not allowed to access this file directly.", which comes from core.class.php:

    /* Prevent direct access to this file */
    if (!defined('ABSPATH')) {
        exit("Sorry, you are not allowed to access this file directly.");
    }

This was added between revisions:

"""
------------------------------------------------------------------------
r467422 | sedLex | 2011-11-25 16:13:39 +0200 (Fri, 25 Nov 2011) | 1 line

bug
------------------------------------------------------------------------
r458335 | sedLex | 2011-11-01 19:00:07 +0200 (Tue, 01 Nov 2011) | 1 line

New version
"""

With version r458335 I am unable to reproduce this issue, as these PHP files just give require_once PHP warnings.

Could you please help me with this issue to identify if this is a valid announcement and with what versions, thank you.

- Henri Salo
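
The reply above turns on whether the ABSPATH direct-access guard runs before anything else in a plugin file that is requested directly. As an added example (not part of the original message and not the plugin's code), this heuristic Python check reports whether a PHP source has that guard ahead of its first include/require; the names `audit`, `report` and `SAMPLES`, and the sample file contents, are constructed for illustration.

```python
import re

# Strings are matched first so comment markers inside them (e.g. "http://") survive.
TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""", re.S)
# Long form quoted in the message, plus the common `defined('ABSPATH') or exit;` form.
GUARD = re.compile(
    r"""!\s*defined\s*\(\s*['"]ABSPATH['"]\s*\)"""
    r"""|defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*(?:\|\||or)\s*(?:exit|die)\b""", re.I)
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.I)

def _mask(src, keep_strings):
    """Blank out comments (and optionally string literals) without shifting offsets."""
    def repl(m):
        return m.group(1) if (m.group(1) and keep_strings) else " " * len(m.group(0))
    return TOKEN.sub(repl, src)

def audit(src):
    """Return (status, line number of the first include/require, or None)."""
    guard = GUARD.search(_mask(src, keep_strings=True))
    inc = INCLUDE.search(_mask(src, keep_strings=False))
    inc_line = src.count("\n", 0, inc.start()) + 1 if inc else None
    if guard is None:
        return ("no-guard", inc_line)      # a direct request reaches the include
    if inc and inc.start() < guard.start():
        return ("late-guard", inc_line)    # include runs before the check
    return ("guarded", inc_line)

# Constructed sample sources (assumptions, not the plugin's real files).
SAMPLES = {
    "guarded.php": """<?php
/* Prevent direct access to this file */
if (!defined('ABSPATH')) {
    exit("Sorry, you are not allowed to access this file directly.");
}
require_once('core.class.php');
""",
    "no_guard.php": """<?php
// TODO: add the defined('ABSPATH') || exit guard
$doc = "http://example.invalid/docs"; include 'helpers.php';
""",
    "late_guard.php": """<?php
require_once('core.class.php');
if (!defined('ABSPATH')) { exit; }
""",
}

def report(samples=SAMPLES):
    return {name: audit(src) for name, src in samples.items()}
```

The check is pattern-based, so a file it flags as "guarded" still needs a read to confirm the guard actually exits.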