WordPress Parameter Directory Traversal Vulnerability

April 18th, 2008

WordPress Parameter Directory Traversal Vulnerability

WordPress is prone to a ‘cat’ directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. This input validation error was originally reported by Sandor Attila Gerendi and exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.

An attacker can exploit this issue with a browser. The following example URL demonstrates the error:

http://www.yourblog.com/?cat=1.php/../searchform?

WordPress 2.3.3 is vulnerable; other versions may also be affected. Wordpress TRAC has committed fixes to the application’s repository, more information can be found in here. The fix sanitizes “cat” query var and cast to int before looking for a category template.

Email, Bookmark or Share:

More on CyberInsecure:

WordPress Multiple SQL Injection Vulnerabilities

WordPress Cookie Integrity Protection Allows Unauthorized Access

WordPress 2.6.2 Released Due To PHP Weakness That Might Lead To Attack

Wordpress Doorway Spam Attacks

New Features, Security Improvements And Above 194 Bugs Fixed In WordPress 2.6

Posted in Vulnerabilities |

Print This Post

This entry was posted on Friday, April 18th, 2008 at 3:31 pm and is filed under Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: WordPress Parameter Directory Traversal Vulnerability

Comments with unsolicited links to other resources will be marked as spam. Please leave your real email, it wont be published.

Latest Virus Descriptions

not-a-virus:NetTool.Win32.Transmit.a 07 Oct 2008 11:59:00 +040
This is a potentially unwanted program (PUP). It is a Windows PE EXE file. It is 32768 bytes in size. It is packed using PECompact. The unpacked file is approximately 192KB in size.
Trojan-Downloader.JS.Agent.bxr 07 Oct 2008 11:56:00 +040
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Visual Basic Script file. It is 1159 bytes in size.
Worm.Win32.AutoRun.bnb 07 Oct 2008 11:39:00 +040
This worm propagates by creating copies of itself on local disks and write-accessible network resources. It is a Windows PE EXE file. It is 46592 bytes in size. It is packed using UPX. The unpacked file is approximately 107MB in size. Installation The worm copies its executable file to the…
Trojan.Win32.ConnectionServices.e 07 Oct 2008 11:35:00 +040
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 319488 bytes in size.
Trojan.Win32.Agent.bve 06 Oct 2008 13:09:00 +040
This Trojan has a malicious payload. The program itself is a Windows PE DLL file. It is approximately 100KB in size. Installation The Trojan copies its executable file to the Windows system directory: %System%\mstmdm.dll In order to ensure that the Trojan is launched automatically each time the…
Trojan-Downloader.JS.Psyme.ali 06 Oct 2008 12:50:00 +040
This Trojan downloads another program via the Internet without the user’s knowledge or consent. It is a Visual Basic Script file. It is 10881 bytes in size.
Email-Worm.Win32.Joleee.ak 06 Oct 2008 12:44:00 +040
This malicious program is a Windows PE EXE file. It is 45056 bytes in size. Installation When launched, the worm copies its executable file to the Windows root directory: [%WinDir%\services.exe In order to ensure that the worm is launched automatically each time the system is booted, it adds a…
Backdoor.Win32.Delf.duc 03 Oct 2008 18:24:00 +040
This malicious program is a Trojan. It is a Windows PE EXE file. It is 447488 bytes in size.
Trojan-Downloader.Win32.Agent.qlh 03 Oct 2008 18:21:00 +040
This Trojan downloads another program and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 49152 bytes in size. It is written in C++.
Exploit.JS.Agent.sc 03 Oct 2008 18:19:00 +040
This malicious program is an exploit which uses a vulnerability in the RealAudioObjects.RealAudio Active X control to download other malicious programs via the Internet and launch them on the victim machine. The program is an HTML page which contains Java Script scenarios. It is 5294 bytes in…

CyberInsecure.com

WordPress Parameter Directory Traversal Vulnerability

Leave a Reply

Categories

Archives

Links

Internet Threat Level

Recent Enteries

Vendor Security Alerts

Subscribe

Members

Latest Virus Descriptions