GoFuckYourself.com - Adult Webmaster Forum - View Single Post

SmokeyTheBear · 05-26-2006, 10:45 PM

posted a thread earlier but didnt have any info to go along with it.. so heres the further details

Advisory ID : FrSIRT/ADV-2006-1992
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-26

Technical Description

A vulnerability has been identified in WordPress, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to input validation errors in the "wp-admin/profile.php" script that does not validate certain parameters before being written to PHP scripts in the "wp-content/cache/userlogins/" and "wp-content/cache/users/" directories, which could be exploited by malicious users to inject and execute arbitrary PHP code with the privileges of the web server.

Note : An input validation error in the "vars.php" script when handling the "PC_REMOTE_ADDR" HTTP header could be exploited by attackers to spoof their IP addresses.

Affected Products

WordPress version 2.0.2 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

05-26-2006, 10:45 PM
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	Wordpress exploit details posted a thread earlier but didnt have any info to go along with it.. so heres the further details Advisory ID : FrSIRT/ADV-2006-1992 CVE ID : GENERIC-MAP-NOMATCH Rated as : High Risk Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-05-26 Technical Description A vulnerability has been identified in WordPress, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to input validation errors in the "wp-admin/profile.php" script that does not validate certain parameters before being written to PHP scripts in the "wp-content/cache/userlogins/" and "wp-content/cache/users/" directories, which could be exploited by malicious users to inject and execute arbitrary PHP code with the privileges of the web server. Note : An input validation error in the "vars.php" script when handling the "PC_REMOTE_ADDR" HTTP header could be exploited by attackers to spoof their IP addresses. Affected Products WordPress version 2.0.2 and prior Solution The FrSIRT is not aware of any official supplied patch for this issue. __________________ hatisblack at yahoo.com