oss-sec mailing list archives
Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability
From: "Larry W. Cashdollar" <larry0 () me com>
Date: Mon, 17 Nov 2014 18:30:11 -0500
Hello List,

So I had been tinkering with the WP-DB-Backup v2.2.4 plugin, which uses security through obscurity to hide the location of the WordPress database backups it creates.

The advisory with PoC I had been working on is here:
http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/

I contacted the plugin author with my advisory and my proposed fix. The author acknowledged my work, but I never heard from him again.

Turns out Matthew Bryant had already covered everything I had, but a few months ago, here:
http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/

We aren't sure if this is CVE-worthy; it seems, since the database is exposed, one only needs to guess the database name in order to succeed, besides a bunch of brute forcing stuff. :-)

I thought I would see what you folks had to say.

Thanks
Larry
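The point raised above and in the linked write-up is that a backup location derived from the database credentials is only as unguessable as those credentials, and the attacker can do the guessing offline. The following is an added illustration, not code from the plugin or from either advisory: the naming scheme `derived_backup_dir` is a hypothetical stand-in (an MD5 of database name and password) chosen to show the principle, not the plugin's actual derivation, and the candidate database names and passwords are constructed sample data.

```python
import hashlib
import itertools
import secrets

# Hypothetical naming scheme, NOT the plugin's real one: the backup directory
# name is a deterministic digest of values an attacker can often guess or
# already knows (default database names, weak or leaked database passwords).
def derived_backup_dir(db_name: str, db_password: str) -> str:
    digest = hashlib.md5(f"{db_name}:{db_password}".encode()).hexdigest()
    return f"backup-{digest[:10]}"


# Attacker side: enumerate candidate (db_name, db_password) pairs and compute
# the directory name each would produce. Every candidate costs one hash, not
# one HTTP request, so the effective entropy of the directory name is bounded
# by the entropy of the inputs, not by the length of the digest.
def guess_backup_dir(target_dir: str, db_names, db_passwords):
    for name, pw in itertools.product(db_names, db_passwords):
        if derived_backup_dir(name, pw) == target_dir:
            return name, pw
    return None


# Defender side: draw the name from the OS CSPRNG and persist it server-side
# (e.g. as a WordPress option) instead of recomputing it from credentials.
# 16 bytes gives 128 bits of entropy and no relation to any other secret.
def random_backup_dir() -> str:
    return "backup-" + secrets.token_hex(16)


# Constructed wordlists standing in for what an attacker would try first.
DB_NAME_CANDIDATES = ["wordpress", "wp", "wpdb", "blog", "wp_prod"]
DB_PASSWORD_CANDIDATES = ["wordpress", "password", "wp123", "changeme", "admin"]


def demo():
    # Constructed victim site whose backup directory came from guessable inputs.
    victim_dir = derived_backup_dir("wp_prod", "changeme")
    found = guess_backup_dir(victim_dir, DB_NAME_CANDIDATES, DB_PASSWORD_CANDIDATES)

    # The same search against a randomly named directory finds nothing, because
    # the name has no functional relationship to the database credentials.
    not_found = guess_backup_dir(random_backup_dir(), DB_NAME_CANDIDATES, DB_PASSWORD_CANDIDATES)
    return found, not_found


if __name__ == "__main__":
    found, not_found = demo()
    print("derived scheme recovered:", found)
    print("random scheme recovered:", not_found)
```

A random name only removes the guessing shortcut; the directory still has to be served without a listing (or kept outside the web root) so that the name is never disclosed another way.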
Current thread:
- Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry W. Cashdollar (Nov 17)
- Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Joshua Rogers (Nov 17)
- Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry Cashdollar (Nov 18)
- Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Joshua Rogers (Nov 17)