oss-sec mailing list archives

Re: WP-Super-Cache XSS and Remote Code Exec


From: Hanno Böck <hanno () hboeck de>
Date: Thu, 25 Apr 2013 00:27:30 +0200

On Wed, 24 Apr 2013 12:30:57 -0600
Kurt Seifried <kseifried () redhat com> wrote:

> WP-Super-Cache 1.2 Remote Code Execution
> Fixed in 1.3:

There are two different changelog entries that look like they belong to
this issue:
https://wordpress.org/extend/plugins/wp-super-cache/changelog/

1.3 says:
"mfunc tags could be executed in comments. Fixed."

and 1.3.2 says:
"Any mfunc/mclude/dynamic-cached-content tags in comments are now
removed."

To me this looks like 1.3 contained an incomplete fix that got
completed in 1.3.2 (?), but I don't know. If that's the case, we should
probably have another CVE for the incomplete fix.

- -- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/