Date: Wed, 23 Oct 2013 19:30:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE for Wordpress plugin Portable-phpmyadmin

On 10/22/2013 09:00 PM, Anant Shrivastava wrote:
> Exactly, you request the proper URL and it lets you in, as well as
> letting you perform all database-level operations available on that
> specific file. Some sample screenshots should clear the issue
> (attached for reference). [While phpMyAdmin requires a valid user ID
> and password for the MySQL DB, these credentials are pulled from
> wp-config.php (the WordPress config file) directly in this plugin.]
> 
> Besides these two, there are a large number of full path disclosures
> across the whole project as well; however, as WordPress itself doesn't
> consider that a security issue but rather marks it as a configuration
> issue
> (http://codex.wordpress.org/Security_FAQ#Why_are_there_path_disclosures_when_directly_loading_certain_files.3F),
> those are not reported.
> 
> 
> Anant Shrivastava GWAPT | CEH | RHCE Mob : 91-9880166033 E-mail :
> anant@...ntshri.info <mailto:anant@...ntshri.info> Web :
> http://anantshri.info

Please use CVE-2013-4462 for the auth bypass portion of these
vulnerabilities.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993