oss-sec mailing list archives
Re: WP-Super-Cache XSS and Remote Code Exec
From: Henri Salo <henri () nerv fi>
Date: Wed, 24 Apr 2013 22:53:35 +0300
On Wed, Apr 24, 2013 at 12:30:57PM -0600, Kurt Seifried wrote:
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html To test leave a comment like: <!?mfunc echo PHP_VERSION; ?><!?/mfunc?> To fix it they added a mfunc filter in wp-super-cache-1.3/wp-cache.php: +add_filter( 'preprocess_comment','no_mfunc_in_comments' ); +add_filter( 'comment_text','no_mfunc_in_comments' ); +add_filter( 'comment_excerpt','no_mfunc_in_comments' ); +add_filter( 'comment_text_rss','no_mfunc_in_comments' ); Please use CVE-2013-2009 for this issue.
I was going to request CVEs for these today. No idea why WordPress guys aren't doing this, but they probably think it will take too much time and in some days it might. There is a lot of plugins and also lots of vulnerabilities in them. Should CVE-2013-2009 be used also for w3-total-cache issue? --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Hanno Böck (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)