Wordpress 2.1.1 Command Execution Backdoor Vulnerability
BID:22797
Info
Wordpress 2.1.1 Command Execution Backdoor Vulnerability
| Bugtraq ID: | 22797 |
| Class: | Unknown |
| CVE: |
CVE-2007-1277 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | This issue was discovered by Ivan Fratric. |
| Vulnerable: |
WordPress WordPress 2.1.1 |
| Not Vulnerable: |
WordPress WordPress 2.1.2 |
Discussion
Wordpress 2.1.1 Command Execution Backdoor Vulnerability
An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands.
The vendor has acknowledged this vulnerability and recommends that all users who have installed version 2.1.1 upgrade to version 2.1.2 or later. This issue appears limited to the 2.1.1 release.
An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands.
The vendor has acknowledged this vulnerability and recommends that all users who have installed version 2.1.1 upgrade to version 2.1.2 or later. This issue appears limited to the 2.1.1 release.
Exploit / POC
Wordpress 2.1.1 Command Execution Backdoor Vulnerability
The following examples were provided:
http://www.example.com/wp-includes/feed.php?ix=phpinfo();
http://www.example.com/wp-includes/theme.php?iz=cat /etc/passwd
The following examples were provided:
http://www.example.com/wp-includes/feed.php?ix=phpinfo();
http://www.example.com/wp-includes/theme.php?iz=cat /etc/passwd
Solution / Fix
Wordpress 2.1.1 Command Execution Backdoor Vulnerability
Solution:
Wordpress 2.1.2 addresses this issue. The vendor has also stated that the 2.0.x release line is not affected by the issue.
WordPress WordPress 2.1.1
Solution:
Wordpress 2.1.2 addresses this issue. The vendor has also stated that the 2.0.x release line is not affected by the issue.
WordPress WordPress 2.1.1
-
WordPress wordpress-2.1.2.zip
http://wordpress.org/wordpress-2.1.2.zip
References
Wordpress 2.1.1 Command Execution Backdoor Vulnerability
References:
References:
- WordPress 2.1.1 Dangerous, Upgrade (WordPress)
- WordPress source code compromised to enable remote code execution ([email protected])
- Vulnerability Note VU#214480 - WordPress fails to properly sanitize input passed (US-CERT)
- Vulnerability Note VU#641456 - WordPress fails to properly sanitize input passed (US-CERT)