Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 17 Nov 2014 18:30:11 -0500
From: "Larry W. Cashdollar" <larry0@...com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download
 Vulnerability

Hello List,

So I had been tinkering with the WP-DB-Backup v2.2.4 plugin that uses security through obscurity to hide the location of the wordpress database backups it creates.  The advisory with PoC I had been working on is here: 

http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/

I contacted the plugin author with my advisory and my proposed fix. The author acknowledged my work, but I never heard from him again.

Turns out Matthew Bryant had already covered everything I had but a few months ago here:

http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/

We aren’t sure if this is CVE worthy, it seems since the database is exposed one only needs to guess the database name in order to succeed besides a bunch of brute forcing stuff. :-)  I thought I would see what you folks had to say.


Thanks
Larry

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.