oss-sec mailing list archives
Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability
From: Joshua Rogers <oss () internot info>
Date: Tue, 18 Nov 2014 11:22:45 +1100
On 18/11/14 10:30, Larry W. Cashdollar wrote:
> Turns out Matthew Bryant had already covered everything I had, but a few months ago, here: http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
On that blog...

> So we have to bruteforce these five hexadecimal digits – what's the math on that? Since our keyspace is any hex character and we have a total of five digits we have 16^5 possibilities or 1,048,576 permutations.

Using birthday problem maths: 1048576! / ((1048576-1205)! * 1048576^1205) = 0.500538915; 1 - 0.500538915 = 0.499461085, aka after 1,205 attempts you'd have a 50% chance of hitting the correct location. Just something to consider.

--
Joshua Rogers <https://internot.info/>
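The arithmetic in the reply above, worked through as an added example (not code from the thread or from the plugin): it evaluates the birthday-style no-collision product n!/((n-k)! n^k) for the 16^5 keyspace without computing million-term factorials, and alongside it the probability of hitting one fixed five-hex-digit value in the same number of guesses, so a reader can see the two quantities side by side. The keyspace size and the attempt count 1205 come from the thread; the function names are this example's own.

```python
import math

HEX_ALPHABET = 16   # each digit is one of 16 hex characters (from the quoted blog)
DIGITS = 5          # five hex digits in the backup filename (from the quoted blog)


def keyspace(digits: int = DIGITS, alphabet: int = HEX_ALPHABET) -> int:
    """Number of distinct values: alphabet ** digits (16**5 == 1,048,576)."""
    return alphabet ** digits


def birthday_no_collision(n: int, k: int) -> float:
    """P(no two of k uniform random draws from n values coincide).

    Equals n! / ((n-k)! * n**k); computed as a running product of
    (n - i) / n for i in 0..k-1 so no huge factorials are needed.
    """
    if k > n:
        return 0.0
    p = 1.0
    for i in range(k):
        p *= (n - i) / n
    return p


def birthday_collision(n: int, k: int) -> float:
    """Complement of birthday_no_collision: P(some pair of draws collides)."""
    return 1.0 - birthday_no_collision(n, k)


def fixed_target_hit(n: int, k: int) -> float:
    """P(at least one of k distinct guesses equals one fixed secret value): k / n."""
    return min(k, n) / n


def guesses_for_fixed_target(n: int, prob: float = 0.5) -> int:
    """Distinct guesses needed for probability `prob` of hitting a fixed value."""
    return math.ceil(prob * n)


if __name__ == "__main__":
    n = keyspace()
    k = 1205  # attempt count used in the reply
    print(f"keyspace            : {n}")
    print(f"birthday no-collide : {birthday_no_collision(n, k):.9f}")
    print(f"birthday collision  : {birthday_collision(n, k):.9f}")
    print(f"fixed-target hit    : {fixed_target_hit(n, k):.6f}")
    print(f"guesses for 50% hit : {guesses_for_fixed_target(n)}")
```

`birthday_no_collision(1048576, 1205)` reproduces the 0.500538915 figure from the reply; `fixed_target_hit` gives the probability for the case where the filename is a single fixed value an attacker has to match. Either way the takeaway for a site operator is the same as the blog's: a name drawn from a 16^5 keyspace is far too small, so the mitigation is an unpredictable name of adequate length (or not exposing the backup under the web root at all), together with rate limiting of requests for such paths.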