Filed Under (News, WordPress) by DK on 11 July 2007

XSSNews released a Path Disclosure Vulnerability affecting current releases of WordPress.

The proof of concept URL is as follows:

http://bld/wordpress/?feed=rss2&p=-1

This is a fairly low-risk vulnerability in that it only leaks the WordPress path. What makes it useful, however, is that an attacker can use it to learn the WordPress database prefix, which, if unknown, can make SQL injection attacks extremely difficult to exploit. Furthermore, although XSSNews' temporary fix is to turn error messaging off, I have tested this and found that in some cases WordPress actually prints these error messages out, making this a gem for WordPress testing.

For more information check out the XSSNews original advisory.
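
A defender-side check for the leak described above, as an added example that is not part of the original post or the XSSNews advisory: it scans a response body for PHP's HTML error format and the WordPress database error block, and reports any filesystem path or table prefix they expose. The sample responses are constructed, and the function name find_leaks is hypothetical.

```python
import html
import re

# PHP's HTML error line: "<b>Warning</b>:  msg in <b>/path/file.php</b> on line <b>N</b>"
PHP_ERROR = re.compile(
    r"<b>(?:Warning|Notice|Fatal error|Parse error)</b>:\s.*?\sin\s<b>(?P<path>[^<]+)</b>"
    r"\son\sline\s<b>\d+</b>",
    re.S,
)
# WordPress database error block: the failed query is echoed inside <code>...</code>
WPDB_ERROR = re.compile(r"WordPress database error:.*?<code>(?P<sql>.*?)</code>", re.S | re.I)
# A core table referenced in the echoed SQL; whatever precedes its name is the prefix
TABLE_REF = re.compile(
    r"\b(?:FROM|JOIN|INTO|UPDATE)\s+`?(?P<prefix>\w*?)"
    r"(?:posts|postmeta|comments|options|users|usermeta)\b",
    re.I,
)

def find_leaks(body):
    """Return filesystem paths and table prefixes disclosed in a response body."""
    paths = sorted({m.group("path") for m in PHP_ERROR.finditer(body)})
    prefixes = set()
    for m in WPDB_ERROR.finditer(body):
        sql = html.unescape(m.group("sql"))
        prefixes.update(t.group("prefix") for t in TABLE_REF.finditer(sql))
    return {"paths": paths, "db_prefixes": sorted(prefixes)}

# Constructed sample responses (not captured from a real site).
SAMPLE_PHP = (
    "<br />\n<b>Warning</b>:  Invalid argument supplied for foreach() in "
    "<b>/var/www/example/wp-includes/sample.php</b> on line <b>42</b><br />\n"
)
SAMPLE_WPDB = (
    "<div id='error'><p class='wpdberror'><strong>WordPress database error:</strong> "
    "[You have an error in your SQL syntax]<br />"
    "<code>SELECT * FROM blog7_posts WHERE ID = -1</code></p></div>"
)
SAMPLE_CLEAN = '<?xml version="1.0"?><rss version="2.0"><channel><title>Example</title></channel></rss>'

if __name__ == "__main__":
    for name, body in [("php", SAMPLE_PHP), ("wpdb", SAMPLE_WPDB), ("clean", SAMPLE_CLEAN)]:
        print(name, find_leaks(body))
```

Run against the body returned by your own site for the feed request, a clean result with error display turned off confirms the temporary fix took effect; any path or prefix in the output means errors are still being printed.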

Comments

Daniel on 11 July, 2007 at 8:52 am #

For those running mod_security:

SecFilterSelective REQUEST_URI "/\?feed\=rss2\&p=\-1"


David Kierznowski on 11 July, 2007 at 12:00 pm #

Daniel, as always, your feedback is appreciated.


daniel on 11 July, 2007 at 2:40 pm #

I am doing the mod_security document this weekend, but does anyone have any specific requirements, or methods, they would like to know?

