oss-security - Re: WP-Super-Cache XSS and Remote Code Exec

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 24 Apr 2013 22:53:35 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Subject: Re: WP-Super-Cache XSS and Remote Code Exec

On Wed, Apr 24, 2013 at 12:30:57PM -0600, Kurt Seifried wrote:
> http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
> 
> To test leave a comment like: <!?mfunc echo PHP_VERSION; ?><!?/mfunc?>
> 
> To fix it they added a mfunc filter in wp-super-cache-1.3/wp-cache.php:
> 
> +add_filter( 'preprocess_comment','no_mfunc_in_comments' );
> +add_filter( 'comment_text','no_mfunc_in_comments' );
> +add_filter( 'comment_excerpt','no_mfunc_in_comments' );
> +add_filter( 'comment_text_rss','no_mfunc_in_comments' );
> 
> Please use CVE-2013-2009 for this issue.

I was going to request CVEs for these today. No idea why WordPress guys aren't
doing this, but they probably think it will take too much time and in some days
it might. There is a lot of plugins and also lots of vulnerabilities in them.

Should CVE-2013-2009 be used also for w3-total-cache issue?

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.