Aliyun Hint: Background plugin update module Any directory traversal leads to DOS vulnerabilities

The loophole should have burst in September or so, very busy all the time. From the very beginning to the recent, Aliyun backstage always hint "wordpress Backstage plugin update module any directory traversal cause DOS loophole", for a bit of compulsive disease stall owners is unbearable, because did not buy Aliyun's knight function automatic repair, plus not empty, has been Tunliu so far.

Idle free time, Baidu to the relevant solutions, conveniently resolved and record to do a backup.

Vulnerability Name: WordPress Background Plugin update module Any directory traversal leads to DOS vulnerabilities
Patch Number: 7935230
Patch file: wp-admin/includes/ajax-actions.php
Patch Source: Yun Dun Self-research
Update Time: 2016-09-15 11:44:46
Vulnerability Description: WordPress background file/wp-admin/includes/ajax-actions.php, the Code plug-in path input parameters plugin not properly normalized escape, resulting in a hacker can pass into a special path, resulting in denial of service. "Note: This patch is a Yun Dun self-Research code repair scheme, Cloud Shield will be based on your current code to meet the Yun Dun self-research repair mode to detect, if you take the floor/framework of unified repair, or use of other repair scenarios, may cause you have fixed the bug, Cloud Shield still reported a vulnerability, You may choose to ignore this vulnerability prompt when you encounter this situation.
Manual repair wordpress Background plugin update module any directory traversal cause DOS vulnerabilities, we can probably be divided into the following three WordPress version:

One, WordPress 4.6.1 version

According to Boke112 's own verification, just want to upgrade WordPress to 4.6.1 can be destroyed this wordpress background plugin update module Any directory traversal leads to DOS vulnerabilities, so it is strongly recommended to upgrade WordPress directly to version 4.6.1.

Second, WordPress 4.5.4 version

Repair steps:

Near the 3068 lines of the file ajax-actions.php:

$plugin = UrlDecode ($_post[' plugin '));

After this code, add the following:

$plugin = Plugin_basename (Sanitize_text_field (Wp_unslash ($_post[' plugin ')));

At this point, modify save upload overlay can successfully repair WordPress 4.5.4 version of the WordPress background plugin update module Any directory traversal led to DOS vulnerabilities.

Third, WordPress 4.5.4 version of the following

WordPress 4.5.4 version of the following, in addition to according to the WordPress 4.5.4 version of the method to repair, you need to continue to do the following two steps (PS: If a version of the following 2 points in the code has been repaired with the same do not have to modify):

1. About 3004 lines in the document ajax-action.php:

if ($plugin _update_data = = True) {
Wp_send_json_error ($status);
}

Modified to:

if ($plugin _update_data = = True) {
$status [' ERROR '] = __ (' Plugin update failed. ');
Wp_send_json_error ($status);
}

2. Find about 3025 lines:

if (Is_wp_error ($wp _filesystem->errors) && $wp _filesystem->errors->get_error_code ()) {
$status [' error '] = $WP _filesystem->errors->get_error_message ();
}
Wp_send_json_error ($status);
}
}

Modified to:

if (Is_wp_error ($wp _filesystem->errors) && $wp _filesystem->errors->get_error_code ()) {
$status [' error '] = $WP _filesystem->errors->get_error_message ();
}
Wp_send_json_error ($status);
} else {
An unhandled error occured
$status [' ERROR '] = __ (' Plugin update failed. ');
Wp_send_json_error ($status);
}
}

After modifying the save, wordpress background plugin update module any directory traversal cause DOS vulnerabilities repaired!