wp-super-cache vulnerable to PHP Injection?

  • factoryjoe

    (@factoryjoe)


    16 years, 5 months ago

    I’ve seen a separate report now that the WP Super Cache is vulnerable to PHP Injection attacks. Can you please report on this?

Viewing 13 replies - 1 through 13 (of 13 total)
  • webinista

    (@webinista)

    16 years, 5 months ago

    I also noticed that my server was compromised after installing WP Super Cache. I deleted the plugin files, and things appear to be resolved. But please look into this.

    Donncha O Caoimh (a11n)

    (@donncha)

    16 years, 5 months ago

    Please email me at donncha at ocaoimh.ie with some details and what you know, thanks!

    archon810

    (@archon810)

    16 years, 5 months ago

    Please provide more info, this is very important for everyone!

    Donncha O Caoimh (a11n)

    (@donncha)

    16 years, 5 months ago

    There is no vulnerability. A small bug allowed the cache to create empty directories outside of the supercache folder but it’s fixed in 0.3.1

    Rok

    (@rok)

    16 years, 5 months ago

    Donncha, thanks for explaining.

    And first two post authors: next time, provide the details, you’ve come across, so that those can be addressed timely.

    Rok

    (@rok)

    16 years, 4 months ago

    Very Important!

    I’ve to re-open this post as the vulnerabilities mentioned by factoryjoe are still exisiting, even in the latest version 0.5.1

    For the past 20 days, I was testing each and every plugin and template files and today. I’m zeored on WordPress Super Cache the cause of the vulnerabilities.

    After digging further, I came across similiar incidents and immediately posted here for Donncha attention, as my comments are not passed through his blog.

    Donncha O Caoimh (a11n)

    (@donncha)

    16 years, 4 months ago

    Rok – I don’t remember ever seeing a comment from you on my blog. Did you get a moderation message? Maybe Akismet ate them.

    This is an annoying bug, but it’s not something that will let a remote hacker get access to your server. Look in those directories, and if there’s an index.html in there, it will be a page from your site.

    As I have never seen this on my server I’ll email you a bit of code to add to wp-cache-phase2.php that should help debug this.

    Also, your webserver shouldn’t be allowed to write to your blog’s root directory!

    diabolus

    (@diabolus)

    16 years, 4 months ago

    caused by this problem, so i moved using wp-cache, it untill there’s something like confirmation or guarantee by donncha about that vuln, i don’t want my wp blog will be hacked. thanks

    Donncha O Caoimh (a11n)

    (@donncha)

    16 years, 4 months ago

    diabolus – it’s not something a hacker can use to remotely exploit your server like I said above. I sent Rok some code that will hopefully help us debug this problem once and for all.

    If your blog’s root directory isn’t writable by the webserver then there’s no need to worry. It’s a huge security risk and a very bad idea having it writable anyway.

    Oh, and the only guarantee you’ll get from any software developer is that their software will take up space on your machine. Having said that, I’m not worried about using the plugin on all my blogs!

    Rok

    (@rok)

    16 years, 4 months ago

    Hello Donncha,

    First off, thanks for the reply and the fantastic work on Super Cache.

    1. Re. my comments on your blog: I had tried many times and left about 10 comments about the bugs that I came across, as I’m using, right from the first release.

    Did you get a moderation message?

    Unfortunately never, that’s why, I’ve written, my comments never passes on your blog.

    2. I’ve received your email just few minutes back, I’ve replaced the code as suggested by you and replied you back with some additional inputs.

    @diabolus, I can only say, just go ahead and install the plugin, as there’s is no security hole or serious exploit. It’s only a minor bug, that’s creating some folders in the root directory, during cache creation. This is what I could assume after spending 20 days.

    Donnacha can give more insight on this.

    You can read my detailed report here:
    http://wordpress.org/support/topic/146322?replies=1

    Note: Don’t forget to make your root folder read-only.

    I did the same yesterday, just for testing, as I couldn’t hear anything from anybody. And since than, no new folders appeared.

    Important: Donnacha has also adviced the same on the above post.

    diabolus

    (@diabolus)

    16 years, 4 months ago

    @donncha

    your answer above is the guarantee 😀

    @rok

    thanks, now i’m switch back to this plugin again 🙂

    vdesn

    (@vdesn)

    16 years, 1 month ago

    i’ve found both WP-CACHE and supercache to be allowing people to inject php files into my wp-content, wp-content/cache, and wp-content/cache/supercache directories.

    i’ve changed the permissions on wp-content to 755. is there anything else i can do to secure my wordpress install from these injections?

    Donncha O Caoimh (a11n)

    (@donncha)

    16 years, 1 month ago

    vdesn – can you email me some more details at donncha @ ocaoimh.ie please?

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘wp-super-cache vulnerable to PHP Injection?’ is closed to new replies.