WordPress Tierra Audio Path Disclosure

2012-09-12T00:00:00
ID PACKETSTORM:116487
Type packetstorm
Reporter Dark-Puzzle
Modified 2012-09-12T00:00:00

Description

`# Title : Wordpress-Tierra Audio Full Path Disclosure/Directory Listing Vulnerabilities.  
# Author : Dark-Puzzle (Souhail Hammou)   
# Date : 14th September 2012  
# Risk : Low  
# Tested On : Windows XP SP3 - Fr & Backtrack 5 R3  
# Greetings : Inj3ct0rs - Offensive Security - Security Focus - Packetstorm Security .  
# Contact Me: http://www.facebook.com/dark-puzzle OR dark-puzzle@live.fr  
  
############################################################  
  
The Tierra Audio plugin is prone to two vulnerabilities.  
To disclose the full path, open the file "audio-playlist-manager.php" without an 'id' parameter.  
The problem originates from scripting mistakes in the plugin.  
  
Example :  
  
http://www.samabima.info/wp-content/plugins/tierra-audio-with-autoresume/audio-playlist-manager.php  
  
#############################################################  
  
In addition, the Tierra plugin directory can be browsed directly:  
  
Example :  
  
http://gotconnex.tv/wp-content/plugins/tierra-audio-with-autoresume/  
  
##################################  
Solution :   
.htaccess must be edited to prevent the directory listing problem.  
#################################  
  
  
#Datasec Team .`
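
An added example, not part of the original advisory: a self-check a site owner can run over saved HTTP responses from their own site to see whether the two issues described above are present, and whether a fix removed them. The sample responses, the on-disk path and the PHP notice text are constructed for illustration.

```python
import re

# Apache mod_autoindex pages carry "Index of <dir>" in the <title>.
DIR_LISTING = re.compile(r"<title>\s*Index of\s+(/[^<]*?)\s*</title>", re.I)

# PHP error lines end "in <absolute path> on line <n>", with or without the
# <b> tags that html_errors adds; the absolute path is the leaked value.
PHP_ERROR = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error)(?:</b>)?:\s+.*?\s+in\s+(?:<b>)?"
    r"((?:/|[A-Za-z]:\\)[^<>\r\n]*?\.php)(?:</b>)?\s+on\s+line\s+(?:<b>)?\d+",
    re.I,
)

PLUGIN = "/wp-content/plugins/tierra-audio-with-autoresume/"

# Constructed responses (request path, status, body); the path on disk and
# the notice text are invented for the example.
SAMPLES = [
    (PLUGIN + "audio-playlist-manager.php", 200,
     "<br />\n<b>Notice</b>:  Undefined index: id in "
     "<b>/home/example/public_html" + PLUGIN + "audio-playlist-manager.php</b>"
     " on line <b>3</b><br />"),
    (PLUGIN, 200,
     "<html><head><title>Index of " + PLUGIN.rstrip("/") + "</title></head>"
     "<body><h1>Index of " + PLUGIN.rstrip("/") + "</h1></body></html>"),
    # The same two requests after a fix: listing refused, no error output.
    (PLUGIN, 403, "<html><head><title>403 Forbidden</title></head></html>"),
    (PLUGIN + "audio-playlist-manager.php", 200, ""),
]


def audit_response(status, body):
    """Return (finding, detail) tuples for one HTTP response."""
    findings = []
    listing = DIR_LISTING.search(body)
    if status == 200 and listing:
        findings.append(("directory-listing", listing.group(1)))
    for err in PHP_ERROR.finditer(body):
        findings.append(("path-disclosure", err.group(1)))
    return findings


def audit(samples):
    """Audit every sample; the result list is parallel to the input."""
    return [(path, audit_response(status, body)) for path, status, body in samples]


if __name__ == "__main__":
    for path, findings in audit(SAMPLES):
        print(path, findings or "clean")
```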