WordPress.org

security exploit: Multiple Vulnerabilities in WordPress 3.3.1 and prior (8 posts)

  1. atoon
    Member
    Posted 2 years ago

    Does anyone know a workaround for the recent security bugs?
    http://www.exploit-db.com/exploits/18417/

    The worst part is that the proof of concept is very easy to simulate.

  2. safety
    Member
    Posted 2 years ago

    According to the link you posted, the official word from the vendor is:

    "We give priority to a better user experience at the install process. It is unlikely a user would go to the trouble of installing a copy of WordPress and then not finishing the setup process more-or-less immediately. The window of opportunity for exploiting such a vulnerability is very small."

    However, if you want to limit access to the file, you can add this code near the top right after the error_reporting(0); line.

    if (preg_match("/setup-config\.php/i", $_SERVER['REQUEST_URI'])) {
    	// Any request whose URI names setup-config.php is bounced to the
    	// site root. A relative Location avoids echoing the request's Host
    	// header back into the redirect target.
    	header('Location: /');
    	exit();
    }

    This will redirect anyone who tries to access this file directly to your home page.

  3. rwilki
    Member
    Posted 2 years ago

    What file would we be editing?

  4. atoon
    Member
    Posted 2 years ago

    wp-admin/setup-config.php
    Note: &#039; = '

    Safety: Thanks for the patch

  5. Pioneer Valley Web Design
    Member
    Posted 2 years ago

    I would think the security issue would occur at enabling write access to the admin file?

  6. safety
    Member
    Posted 2 years ago

    wp-admin/setup-config.php
    Note: &#039; = '

    Not sure why it decided to change the ' character to that. Must have been too many special characters in a row.

    I would think the security issue would occur at enabling write access to the admin file?

    The issue, as I understand it, is that the site's content would be stored in a db on a remote server. This would allow the attacker to insert any content they wish and have it execute on the vulnerable server.

    With that said, this has to be done during the install process. If you try to run the file after install it will check for the existence of the wp-config.php file and exit after it finds it. That's why there is no push from the vendor to "fix" the "issue".
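
    The check described above (setup-config.php refusing to run once wp-config.php exists) can be turned around into an audit of your own servers: an install is exposed exactly while wp-admin/setup-config.php is present and no wp-config.php has been written. The following POSIX shell script is an added example, not code from this thread or from WordPress; it assumes each argument is a WordPress document root and also accepts wp-config.php one directory above the docroot, a location WordPress itself honours. The fixture function builds a constructed directory tree purely for demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): report WordPress document roots whose
# install was never finished, i.e. wp-admin/setup-config.php is present and
# no wp-config.php exists in the docroot or one directory above it.

wp_install_state() {
    # Classify one docroot. Prints "not-wordpress", "configured" or
    # "unfinished".
    root=$1
    if [ ! -f "$root/wp-admin/setup-config.php" ]; then
        echo "not-wordpress"
    elif [ -f "$root/wp-config.php" ] || [ -f "$root/../wp-config.php" ]; then
        echo "configured"
    else
        echo "unfinished"
    fi
}

wp_unfinished_installs() {
    # Print every unfinished docroot among the arguments, one per line.
    # Returns 0 when at least one was found, 1 when all are clean.
    found=1
    for root in "$@"; do
        if [ "$(wp_install_state "$root")" = "unfinished" ]; then
            echo "$root"
            found=0
        fi
    done
    return $found
}

wp_make_fixture() {
    # Constructed, throw-away tree for a demo run (hypothetical paths):
    #   finished/        wp-config.php in the docroot
    #   parentcfg/site/  wp-config.php one level up, which WordPress accepts
    #   unfinished/      setup-config.php present, no wp-config.php anywhere
    #   static/          not a WordPress install at all
    base=$(mktemp -d)
    for d in finished parentcfg/site unfinished; do
        mkdir -p "$base/$d/wp-admin"
        : > "$base/$d/wp-admin/setup-config.php"
    done
    : > "$base/finished/wp-config.php"
    : > "$base/parentcfg/wp-config.php"
    mkdir -p "$base/static"
    echo "$base"
}

# Usage on real hosts:
#   wp_unfinished_installs /var/www/*/htdocs
```

Run it from cron against every vhost root and alert on any output: the window the vendor calls "very small" is whatever time passes between unpacking the archive and finishing the installer, and this makes that window visible.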

  7. atoon
    Member
    Posted 2 years ago

    I installed the "Lockdown WordPress Admin" plugin, which hides wp-admin.
    Still have to check if it helps.

    Any comments?

  8. atoon
    Member
    Posted 2 years ago

    BTW:

    on all my WP installations:

    1) wp-admin and underlying directories are mode 755
    and the owner is not the web server user (e.g. apache)
    find wp-admin -type d -exec chmod 755 {} \;

    2) wp-admin/* files are 644 and the owner is not apache
    find wp-admin -type f -exec chmod 644 {} \;
    find wp-admin -type f -exec chown WEBUSER {} \;

    NOTE:
    - replace WEBUSER with your web server user name
    - it is assumed you are in your blog docroot
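
    The chmod lines above silently rewrite modes; before doing that on a production tree it is worth knowing what deviates and what the web server account owns. The following POSIX shell script is an added example, not code from this thread; it assumes the layout described above (directories 755, files 644) and takes the web server account name as an argument. It reports deviations and ownership by that account, and a separate function applies only the two chmod rules; ownership is reported rather than changed, because which non-web-server account should own the files is a deployment decision. The fixture function builds a constructed tree with two deliberate deviations for demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): audit wp-admin against the modes in
# the post above and flag anything owned by the web server account.

wp_admin_audit() {
    # Usage: wp_admin_audit <docroot> <webuser>
    # Prints one finding per line ("mode dir <path>", "mode file <path>" or
    # "owner <path>"). Returns 0 when clean, 1 when there are findings,
    # 2 when there is no wp-admin directory.
    root=$1
    webuser=$2
    dir="$root/wp-admin"
    [ -d "$dir" ] || { echo "no wp-admin under $root" >&2; return 2; }
    findings=$(
        find "$dir" -type d ! -perm 755 -print | sed 's/^/mode dir /'
        find "$dir" -type f ! -perm 644 -print | sed 's/^/mode file /'
        if id "$webuser" >/dev/null 2>&1; then
            find "$dir" -user "$webuser" -print | sed 's/^/owner /'
        else
            echo "owner check skipped: no such user '$webuser'" >&2
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

wp_admin_fix() {
    # Apply exactly the two mode rules from the post above. Ownership is
    # deliberately left untouched (see lead-in).
    root=$1
    find "$root/wp-admin" -type d -exec chmod 755 {} \;
    find "$root/wp-admin" -type f -exec chmod 644 {} \;
}

wp_make_admin_fixture() {
    # Constructed throw-away tree (hypothetical file names) with two
    # deviations: wp-admin itself is 700 and setup-config.php is 600.
    base=$(mktemp -d)
    mkdir -p "$base/wp-admin/includes"
    : > "$base/wp-admin/setup-config.php"
    : > "$base/wp-admin/includes/upgrade.php"
    chmod 700 "$base/wp-admin"
    chmod 755 "$base/wp-admin/includes"
    chmod 600 "$base/wp-admin/setup-config.php"
    chmod 644 "$base/wp-admin/includes/upgrade.php"
    echo "$base"
}

# Usage on a real host (run from outside the docroot, so "." is not assumed):
#   wp_admin_audit /var/www/blog apache || wp_admin_fix /var/www/blog
```

Note that `-perm 755` is an exact match, so a directory carrying the setgid bit (2755) is reported too; that is intentional, since anything beyond the expected mode deserves a look.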

Topic Closed