More threads by djbaxter

djbaxter

Administrator
Joined
Jun 28, 2012
Messages
3,778
Solutions
2
Reaction score
1,877
Update WP Super Cache and W3TC Immediately ? Remote Code Execution Vulnerability Disclosed
by Tony Perez, Sucuri.net
April 23, 2013

Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability ? remote code execution (RCE), a.k.a., arbitrary code execution....

A really simple way to test is leave yourself a comment like this:

<!?mfunc echo PHP_VERSION; ?><!?/mfunc?>

If it works, it?ll show you something like this:

Screen-Shot-2013-04-23-at-5.17.32-PM.png


You can see that it?s showing the version of my server?s PHP install. No big deal right? Wrong. This means I can pass any commands I want to your server and they?ll execute, hence the term remote command execution (RCE).

In this instance all I said was echo, or print out, the version of my PHP, in it of itself is benign. Replace my echo with an eval and encode a payload and now it?s a different ball game. Case in point, a backdoor shell, all while going via your comments and bypassing all other authentication controls.

Again, not an issue to be taken lightly, this is a very serious vulnerability, further exasperated by the fact that any user can exploit it. The easiest way to protect yourself is to upgrade. You can find the latest updates on the WordPress.org repository:


Read more...
 

Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

Events

LocalU Webinar

Trending: Most Viewed

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Top Bottom