oss-sec mailing list archives
Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
From: "Larry W. Cashdollar" <larry0 () me com>
Date: Thu, 02 Apr 2015 16:23:38 -0400
Hello Folks, You can get php execution by using the file extension .phtml for both of these advisories. I'm currently updating the advisories and the vendor. Try using an uncommon extension not defined in /etc/mime.types. $ grep "#app" /etc/mime.types #application/vnd.ms-pki.stl stl #application/x-httpd-eruby rhtml #application/x-httpd-php phtml pht php #application/x-httpd-php-source phps #application/x-httpd-php3 php3 #application/x-httpd-php3-preprocessed php3p #application/x-httpd-php4 php4 #application/x-httpd-php5 php5
On Mar 31, 2015, at 9:54 PM, Larry W. Cashdollar <larry0 () me com> wrote: Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Author: Larry W. Cashdollar, @_larry0 Date: 2015-03-29 Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-integration Vendor: http://www.videowhisper.com/ Vendor Notified: 2015-03-31, won’t fix. http://www.videowhisper.com/tickets_view.php?t=10019545-1427810822 Vendor Contact: http://www.videowhisper.com/tickets_submit.php Advisory: http://www.vapid.dhs.org/advisory.php?v=116 Description: From their site "VideoWhisper Video Conference is a modern web based multiple way video chat and real time file sharing tool. Read more on WordPress Video Conference plugin home page."
Current thread:
- Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar (Mar 31)
- Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 Larry W. Cashdollar (Apr 02)