oss-sec mailing list archives

Re: WP-Super-Cache XSS and Remote Code Exec


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 24 Apr 2013 18:41:22 -0600

On 04/24/2013 04:27 PM, Hanno Böck wrote:
> On Wed, 24 Apr 2013 12:30:57 -0600 Kurt Seifried
> <kseifried () redhat com> wrote:
>
>> WP-Super-Cache 1.2 Remote Code Execution Fixed in 1.3:
>
> There are two different changelog entries that look like they
> belong to this issue:
> https://wordpress.org/extend/plugins/wp-super-cache/changelog/
>
> 1.3 says: "mfunc tags could be executed in comments. Fixed."
>
> and 1.3.2 says: "Any mfunc/mclude/dynamic-cached-content tags in
> comments are now removed."
>
> To me this looks like 1.3 contained an incomplete fix that got
> completed in 1.3.2 (?), but I don't know. If that's the case, we
> should probably have another CVE for the incomplete fix.

I'm not going to spend time researching this. If you want to, feel
free; based on your results, I can assign a CVE if needed.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993