Bugtraq mailing list archives

Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability


From: g30rg3_x <g30rg3x () gmail com>
Date: Thu, 23 Jul 2009 10:26:12 -0500

Hi Cru3l.b0y,

$plugin comes from the $plugins array, which is filled by the glob function,
which finds all " *.php " files that reside under " WPCACHEHOME .
'plugins/' "...
Code snippet from wp-cache-phase1.php at version 0.8.3:
$plugins = glob( WPCACHEHOME . 'plugins/*.php' );
if( is_array( $plugins ) ) {
        foreach ( $plugins as $plugin ) {
                if( is_file( $plugin ) )
                        require_once( $plugin );
        }
}

Therefore there is no exploitable security vulnerability.

Regards
PS: Version 0.8.3 is too old, next time try the latest stable version
(0.9.5 at the moment).

2009/7/22 Cru3l.b0y <cru3l.b0y () gmail com>:
Hi Dear,
I found a new bug. Please publish it.
Thank you
Best regards

_________________________
             g30rg3_x
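
The triage reasoning in the reply above (find where the variable passed to require_once is bound before calling it an inclusion bug) can be checked mechanically. The following is an added example, not part of the original message and not WP Super Cache code: a small Python script that classifies each include/require sink in a PHP source by the last binding of its argument. It assumes a purely textual, single-file analysis with no control flow; the include( $theme_file ) line in the sample is a hypothetical sink added for contrast.

```python
import re

# Constructed sample: the loop quoted in the message, followed by one
# hypothetical sink ($theme_file) that has no binding in the file.
SAMPLE = r"""<?php
$plugins = glob( WPCACHEHOME . 'plugins/*.php' );
if( is_array( $plugins ) ) {
    foreach ( $plugins as $plugin ) {
        if( is_file( $plugin ) )
            require_once( $plugin );
    }
}
include( $theme_file );
"""

SINK = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)')
FOREACH = r'\bforeach\s*\(\s*\$(\w+)\s+as\s+(?:\$\w+\s*=>\s*)?\${name}\b\s*\)'
ASSIGN = r'\${name}\b\s*=(?![=>])\s*([^;]+);'
REQUEST = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')

def last_binding(src, name, before):
    """Return (kind, expr) for the last textual binding of $name before offset."""
    best = None
    for kind, pat in (("foreach", FOREACH), ("assign", ASSIGN)):
        for m in re.finditer(pat.replace("{name}", re.escape(name)), src[:before]):
            if best is None or m.start() > best[0]:
                best = (m.start(), kind, m.group(1))
    return best and best[1:]

def classify(src):
    """Return (line, variable, verdict) for every include/require of a variable."""
    results = []
    for m in SINK.finditer(src):
        name = m.group(1)
        bound = last_binding(src, name, m.start())
        if bound is None:
            verdict = "unbound"          # no binding in this file: review by hand
        elif bound[0] == "foreach":
            origin = last_binding(src, bound[1], m.start())
            is_glob = bool(origin) and origin[0] == "assign" and origin[1].lstrip().startswith("glob(")
            verdict = "glob-bound" if is_glob else "loop-bound"
        else:
            verdict = "request-tainted" if REQUEST.search(bound[1]) else "assigned"
        results.append((src.count("\n", 0, m.start()) + 1, name, verdict))
    return results
```

A "glob-bound" verdict corresponds to the case described in the message: the loop variable is overwritten from the filesystem listing on every iteration, so the sink does not receive a caller-supplied value.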

