WordPress 2.8.5 XSS and File Upload Vulnerability
An XSS (cross-site scripting) vulnerability and a file upload vulnerability have been discovered in WordPress v2.8.5. An attacker can exploit these issues with malicious code to conduct script insertion attacks and compromise a vulnerable system.
The first vulnerability is caused by input that is not properly sanitized before being displayed to the user. An attacker can exploit it to insert arbitrary HTML and script code, which will be executed in a user’s browser session.
The second issue is a file upload vulnerability. WordPress allows authorized users to add an attachment to a blog post, and the uploaded file is not properly sanitized before it is moved to the upload directory. The vulnerability is caused by the wp_check_filetype() function in “wp-includes/functions.php” improperly validating uploaded files. The code in functions.php removes and replaces special characters.
WordPress developers and contributors patched this vulnerability by releasing WordPress v2.8.6. Another solution is to create a .htaccess file in the upload directory. This solution is only effective if the site runs on the Apache web server. Use the following code:
    deny from all
    <Files ~ "^\w+\.(gif|jpe?g|png|avi)$">
    order deny,allow
    allow from all
    </Files>
With this solution, Apache will not serve files with double extensions from the uploads directory.
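To see what the rule above will and will not serve before deploying it, the following audit script applies the same expression to every file name under an uploads directory. It is an added example, not part of the original post or of WordPress; the function names, the 2009/11 subdirectory and the sample file names are constructed for illustration.

```python
import os
import re
import tempfile

# Same expression as the <Files ~ "..."> rule. Apache matches it with PCRE,
# where \w is assumed ASCII-only (PCRE's default mode), hence re.ASCII here.
ALLOW = re.compile(r"^\w+\.(gif|jpe?g|png|avi)$", re.ASCII)

# Constructed sample names, not taken from a real site.
SAMPLE_FILES = [
    "photo.jpg",        # single allowed extension
    "clip.avi",
    "photo.php.jpg",    # double extension: the case the rule targets
    "my-photo.jpg",     # "-" is not matched by \w
    "Banner.PNG",       # the extension list is lowercase only
    "notes.txt",        # extension not in the list
]


def is_served(basename):
    """True if the rule's "allow from all" applies to this file name."""
    return ALLOW.search(basename) is not None


def audit_uploads(root):
    """Walk root; return (served, denied) sets of paths relative to root."""
    served, denied = set(), set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == ".htaccess":
                continue  # the rule file itself, not an upload
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            (served if is_served(name) else denied).add(rel)
    return served, denied


def build_sample_tree(root, subdir="2009/11"):
    """Create empty constructed files under root/subdir for the demo."""
    target = os.path.join(root, *subdir.split("/"))
    os.makedirs(target)
    for name in SAMPLE_FILES:
        open(os.path.join(target, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        served, denied = audit_uploads(tmp)
        print("served:", sorted(served))
        print("denied:", sorted(denied))
```

Besides double-extension names, the denied set also contains legitimate-looking names with a hyphen or an uppercase extension, so existing uploads should be checked against the rule before it is relied on.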











