WordPress Path Disclosure Vulnerability

Posted by DK
July 11, 2007

XSSNews released a Path Disclosure Vulnerability affecting current releases of WordPress.

The proof of concept URL is as follows:

http://bld/wordpress/?feed=rss2&p=-1

This is a fairly low risk vulnerability in that it only leaks the WordPress path, however, what makes this vulnerability useful however, is that an attacker can use it to learn the WordPress database prefix, which if unknown, can make SQL Injection attacks extremely difficult to exploit. Furthermore, although XSSNews temporary fix is to turn error messaging off, I have tested this and found that in some cases, WordPress actually prints these error messages out making this a gem for WordPress testing.

For more information check out the XSSNews original advisory.

News, WordPress

Random Posts

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments
Comment by Daniel on July 11, 2007 @ 8:52 am

For those running mod_security:

SecFilterSelective REQUEST_URI "/\?feed\=rss2\&p=\-1"

Comment by David Kierznowski on July 11, 2007 @ 12:00 pm

Daniel, as always, your feedback is appreciated.

Comment by daniel on July 11, 2007 @ 2:40 pm

I am doing the mod_security document this weekend, but does anyone have any specific requirements, or methods, they would like to know?

Leave a comment

(required)

(required)