Hello, this kind of "vulnerability" exists whenever a PHP script issues a fatal error on a poorly configured server. PHP should log errors to a local file and not to the client's screen. With that configuration, you will not see a full path disclosure on each uncaught PHP exception. IMHO the security weakness is in the php.ini and not in the web application.
cheers, majinboo

2009/9/28 Fernando A. Lagos B. <ferna...@zerial.org>
> There is a call to add_action() without validation with function_exists().
> When I run the PHP script directly, I get the full path of the wp installation.
>
> Example:
> [+] http://www.marco2010.cl/wp-content/plugins/akismet/akismet.php
> [+] http://www.marco2010.cl/wp-content/plugins/hello.php
>
> Is it a bug? Is it a feature?
>
> More details posted in my blog:
>
> http://blog.zerial.org/seguridad/vulnerabilidad-en-la-mayoria-de-los-plugins-para-wordpress/
> (Spanish)
>
> cheers.
> --
> Zerial
> Web Developer and Programmer
> Information Security
> Linux User #382319
> Blog: http://blog.zerial.org
> Skype: erzerial
> Jabber: zer...@jabberes.org
> GTalk && MSN: ferna...@zerial.org
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
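As an added example (not code from either poster or from WordPress), here is the plugin-side guard Fernando describes, next to the php.ini directives majinboo is referring to; the hook name, the callback body and the log path are placeholders.

```php
<?php
// Added example, not from the thread. Two layers against the full path
// disclosure discussed above.
//
// Layer 1 (server side, what majinboo recommends): in php.ini, keep fatal
// errors out of the HTTP response and send them to a log instead.
//
//   display_errors = Off
//   log_errors     = On
//   error_log      = /var/log/php/error.log   ; placeholder path
//
// Layer 2 (plugin side, what Fernando asks for): do not let the file run
// outside WordPress. add_action() only exists once WordPress has
// bootstrapped, so a direct request to the plugin file would otherwise hit
// a fatal "undefined function" error and, with display_errors=On, print the
// absolute path of the file in the error message.
if (!defined('ABSPATH') || !function_exists('add_action')) {
    // Direct request: answer with 403 and nothing else, no error, no path.
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// Reached only inside WordPress; 'init' and the closure are placeholders.
add_action('init', function () {
    // plugin logic goes here
});
```

Either layer alone stops the path from reaching the client; the php.ini change also covers every other script on the host, which is why majinboo places the weakness there.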