CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 18th, 2008

WordPress Parameter Directory Traversal Vulnerability

WordPress is prone to a ‘cat’ directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. This input validation error was originally reported by Sandor Attila Gerendi; exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.

An attacker can exploit this issue with a browser. The following example URL demonstrates the error:

http://www.yourblog.com/?cat=1.php/../searchform?

WordPress 2.3.3 is vulnerable; other versions may also be affected. Fixes have been committed to the WordPress Trac repository. The fix sanitizes the “cat” query variable and casts it to an integer before looking for a category template.
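To make the fix concrete, here is an added example (not WordPress’s own code) that models a category-template lookup in two forms: one that splices the raw “cat” value into the file name, and one that casts it to an integer first, as the fix does. The theme directory constant, the function names and the simplified lookup logic are assumptions for illustration; the payload is the example value from the advisory above.

```php
<?php
// Added example, not WordPress code: a simplified model of choosing a
// category template from the "cat" query variable.

// Assumed theme directory, standing in for the real template path.
define('TEMPLATE_DIR', '/var/www/wp-content/themes/default');

// Traversal-prone lookup: the raw query value is spliced into the file name,
// so "../" segments in the value move the lookup outside category-*.php.
function category_template_vulnerable(string $cat): string
{
    return TEMPLATE_DIR . '/category-' . $cat . '.php';
}

// Hardened lookup: cast to a non-negative integer before building the path,
// so only a file named category-<digits>.php can ever be requested.
function category_template_hardened(string $cat): string
{
    $id = abs((int) $cat);   // any non-numeric tail is discarded by the cast
    return TEMPLATE_DIR . '/category-' . $id . '.php';
}

// Collapse "." and ".." segments to show where a path actually points.
function normalize_path(string $path): string
{
    $out = [];
    foreach (explode('/', $path) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

// Query value taken from the advisory's example URL.
$payload = '1.php/../searchform?';

printf("raw value:  %s\n", $payload);
printf("vulnerable: %s\n", normalize_path(category_template_vulnerable($payload)));
printf("hardened:   %s\n", category_template_hardened($payload));
```

Running the script shows the two resolved paths side by side: the unsanitized form lets the “..” segment walk out of the category-template name, while the integer cast reduces the whole value to a single category ID. The same pattern, validating the type of a value before it becomes part of a file path, is the general defence for this class of bug in any template-selection code.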
