Date: Thu, 14 Feb 2013 08:37:29 -0200
From: Henrique Montenegro <typoon@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request - Full Path disclosure on Wordpress plugin NextGEN Gallery

Good morning,

I have found an issue with a full-path disclosure in the NextGEN Gallery 1.9.10 and 1.9.11 for Wordpress, a plugin with 6+ million downloads.

This issue would let a user obtain information about paths he/she is not supposed to know in the server. This does not depend on php's display_errors being set to ON, as the information is disclosed by an xml/json that is generated by the plugin code.

PoC:

http://wordpress.gilgalab.com.br/?callback=json&api_key=true&format=json&method=gallery&id=1
http://wordpress.gilgalab.com.br/?callback=json&api_key=true&format=xml&method=recent&limit=1

Plugin page at wordpress: http://wordpress.org/extend/plugins/nextgen-gallery/

I have informed the wordpress team on this issue on February 8th, but no response has been given about it.

Regards,

Henrique
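
Added example, not part of the original message and not the plugin's code: a check a site owner can run over a saved JSON or XML API response to flag absolute server paths in it. The sample responses, their field names and the JSONP wrapper are constructed assumptions; values are scanned after decoding because PHP's `json_encode` escapes `/` as `\/` by default, which hides paths from a plain text search.

```python
import json
import re
import xml.etree.ElementTree as ET

# Heuristic for absolute server paths; the lookbehind skips URL path segments.
ABS_PATH = re.compile(
    r"(?<![\w./:])(?:/(?:var|home|srv|usr|opt|www)/[\w.\-/]+|[A-Za-z]:\\[\w.\-\\ ]+)")

# Constructed sample responses; field names are hypothetical, not the plugin's.
SAMPLE_JSON = (r'json({"stat":"ok","images":[{"pid":"1",'
               r'"imagePath":"\/var\/www\/example\/wp-content\/gallery\/demo\/a.jpg",'
               r'"imageURL":"http:\/\/example.test\/home\/gallery\/a.jpg"}]});')
SAMPLE_XML = ("<response><stat>ok</stat><image><pid>1</pid><imagePath>"
              "/home/site/public_html/wp-content/gallery/demo/a.jpg"
              "</imagePath></image></response>")

def _strings_from_json(node, key="$"):
    """Yield (location, string) for every string value in decoded JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _strings_from_json(v, f"{key}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _strings_from_json(v, f"{key}[{i}]")
    elif isinstance(node, str):
        yield key, node

def _strings_from_xml(root):
    """Yield (location, string) for element text and attribute values."""
    for el in root.iter():
        if el.text and el.text.strip():
            yield el.tag, el.text.strip()
        for name, value in el.attrib.items():
            yield f"{el.tag}@{name}", value

def find_path_leaks(body, fmt):
    """Return sorted (location, path) pairs for absolute paths in a response body."""
    if fmt == "json":
        # Strip a JSONP callback wrapper such as json({...}); if one is present.
        m = re.match(r"^\s*[\w.$]+\s*\((.*)\)\s*;?\s*$", body, re.S)
        strings = _strings_from_json(json.loads(m.group(1) if m else body))
    elif fmt == "xml":
        # Parse only responses from your own site; use defusedxml for untrusted XML.
        strings = _strings_from_xml(ET.fromstring(body))
    else:
        raise ValueError("fmt must be 'json' or 'xml'")
    return sorted((loc, p) for loc, s in strings for p in ABS_PATH.findall(s))
```
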