Security Information and Review

Collection of security information and review

Wordpress 2.8.5 XSS and File Upload Vulnerability

Author : Admin

The latest vulnerability was discovered on Wordpress v2.8.5 with XSS ( cross site scripting ) and file upload vulnerability. A security issue and vulnerability in Wordress, which can be exploited by an attacker with malicious code to conduct script insertion attacks and compromise a vulnerable system.

The first vulnerability issue is be caused by input passed not properly sanitized before being displayed to the user. With this vulnerability, an attacker can exploit with insert arbitrary HTML and script code which will be executed in a user’s browser session.

The second vulnerability issue is file upload vulnerability. This security issue allows authorized users to add an attachment to a blog post. This file upload does not sanitize properly before moving to upload directory. This vulnerability is caused due to the wp_check_filetype() function in “wp-includes/functions.php” improperly validating uploaded files. In the functions.php file, will remove and replace special characters.

Wordpress developers and contributors was released and patch this vulnerability by release Wordpress v2.8.6. Others solution also can solve this problem with create a .htaccess file in the upload directory. This solution will only be effective if we use the Apache web server. Follow code bellow :

deny from all 
<Files ~ "^\w+\.(gif|jpe?g|png|avi)$"> 
        order deny,allow 
        allow from all 

With this solution, Apache will prevent from serving files with double extensions in the uploads directory.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Technorati
  • YahooMyWeb
  • Slashdot
  • StumbleUpon
Categories: Web Application Security
If you like this posts, please leave messages / comments.