oss-sec mailing list archives
Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 14 Feb 2013 22:09:30 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/14/2013 03:37 AM, Henrique Montenegro wrote:
Good morning, I have found an issue with a full-path disclosure in the NextGEN Gallery 1.9.10 and 1.9.11 for Wordpress, a plugin with 6+ million downloads. This issue would let an user to obtain information about paths he/she is not supposed to know in the server. This does not depend on php's display_errors being set to ON, as the information is disclosed by a xml/json that is generated by the plugin code. PoC: http://wordpress.gilgalab.com.br/?callback=json&api_key=true&format=json&method=gallery&id=1 http://wordpress.gilgalab.com.br/?callback=json&api_key=true&format=xml&method=recent&limit=1 Plugin page at wordpress: http://wordpress.org/extend/plugins/nextgen-gallery/ I have informed the wordpress team on this issue on February 8th, but no response has been given about it. Regards, Henrique
Please use CVE-2013-0291 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRHcMKAAoJEBYNRVNeJnmTEaYQANKQlvgNCBWzBj0TU2ejVV8Q PToCxfufToiPE1sPAeQtLBsgDJFS+K6Wizng1XWGKTToGHR3Eh4kOO3vlZPPvnei yLam5lHcAjVcs7qMN5Kso47i+2Rrl6ilmJevBn/O7yajAUV7tl2nHJOfoclhEeia MixBVXY59qU3+ATEJiYktyx++rNiFFdrVb/tbyNpX5RAVpp9Oi5NiULcSV/iFoRW tiDIPiE/cGdylWq5U2MsixWCmfcAZ0rPxEq4klpNOu31Ub47Djr4XogGIyJN2r/e a6dlov0dPvJiMR99Lxr7f86vGB+LveBH7XvCaT1isB89OoTR0nXvic/nnAoXGqUR 1Ebkcu2aVO84IViOtFYOPXC6MxPVJJ/W+I9t4fuNpkUcCawEY4nip3HCQFu51gA7 ufIM7W8tQ7tn90wESuUYnm7i4TQpxSft0+5VcGMXx6+6qrHfXBh2EXo2oXYsWOWx 0t56PzDepoXodi6QX/fC388yJqEcJCDmnIwg35ddQrDYJVBWQTY4aHMjEtedHzcJ amUir/q1rg6Z+NQtQc69cVB4bIiPzTNnq6C/fU+xtcOo1akKnf07jHsfYd2m/F0J CAsj/lNk//cJcik6kIKQN6jIC3r6hVhjrPxNd5d576VRl7rZoBbnyZrcCdt+i5Sj C051vCASlTOHksK18Eu4 =z2uB -----END PGP SIGNATURE-----
Current thread:
- CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Henrique Montenegro (Feb 14)
- Re: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery Kurt Seifried (Feb 14)