wp-super-cache vulnerable to PHP Injection? (14 posts)

  1. factoryjoe
    Member
    Posted 6 years ago #

    I've seen a separate report now that the WP Super Cache is vulnerable to PHP Injection attacks. Can you please report on this?

  2. webinista
    Member
    Posted 6 years ago #

    I also noticed that my server was compromised after installing WP Super Cache. I deleted the plugin files, and things appear to be resolved. But please look into this.

  3. Donncha O Caoimh
    Member
    Posted 6 years ago #

    Please email me at donncha at ocaoimh.ie with some details and what you know, thanks!

  4. archon810
    Member
    Posted 6 years ago #

    Please provide more info, this is very important for everyone!

  5. Donncha O Caoimh
    Member
    Posted 6 years ago #

    There is no vulnerability. A small bug allowed the cache to create empty directories outside of the supercache folder but it's fixed in 0.3.1

  6. Rok
    Member
    Posted 6 years ago #

    Donncha, thanks for explaining.

    And first two post authors: next time, provide the details you've come across, so that those can be addressed in a timely manner.

  7. Rok
    Member
    Posted 6 years ago #

    Very Important!

    I've to re-open this post as the vulnerabilities mentioned by factoryjoe still exist, even in the latest version 0.5.1.

    For the past 20 days, I have been testing each and every plugin and template file, and today I've zeroed in on WordPress Super Cache as the cause of the vulnerabilities.

    After digging further, I came across similar incidents and immediately posted here for Donncha's attention, as my comments do not get through on his blog.

  8. Donncha O Caoimh
    Member
    Posted 6 years ago #

    Rok - I don't remember ever seeing a comment from you on my blog. Did you get a moderation message? Maybe Akismet ate them.

    This is an annoying bug, but it's not something that will let a remote hacker get access to your server. Look in those directories, and if there's an index.html in there, it will be a page from your site.

    As I have never seen this on my server I'll email you a bit of code to add to wp-cache-phase2.php that should help debug this.

    Also, your webserver shouldn't be allowed to write to your blog's root directory!

  9. diabolus
    Member
    Posted 6 years ago #

    caused by this problem, so i moved to using wp-cache until there's something like confirmation or guarantee by donncha about that vuln, i don't want my wp blog to be hacked. thanks

  10. Donncha O Caoimh
    Member
    Posted 6 years ago #

    diabolus - it's not something a hacker can use to remotely exploit your server like I said above. I sent Rok some code that will hopefully help us debug this problem once and for all.

    If your blog's root directory isn't writable by the webserver then there's no need to worry. It's a huge security risk and a very bad idea having it writable anyway.

    Oh, and the only guarantee you'll get from any software developer is that their software will take up space on your machine. Having said that, I'm not worried about using the plugin on all my blogs!

  11. Rok
    Member
    Posted 6 years ago #

    Hello Donncha,

    First off, thanks for the reply and the fantastic work on Super Cache.

    1. Re. my comments on your blog: I had tried many times and left about 10 comments about the bugs that I came across, as I've been using it right from the first release.

    Did you get a moderation message?

    Unfortunately never, that's why I've written that my comments never pass on your blog.

    2. I received your email just a few minutes back, I've replaced the code as suggested by you and replied to you with some additional inputs.

    @diabolus, I can only say, just go ahead and install the plugin, as there is no security hole or serious exploit. It's only a minor bug that's creating some folders in the root directory during cache creation. This is what I could assume after spending 20 days.

    Donncha can give more insight on this.

    You can read my detailed report here:
    http://wordpress.org/support/topic/146322?replies=1

    Note: Don't forget to make your root folder read-only.

    I did the same yesterday, just for testing, as I couldn't hear anything from anybody. And since then, no new folders have appeared.

    Important: Donncha has also advised the same in the above post.

  12. diabolus
    Member
    Posted 6 years ago #

    @donncha

    your answer above is the guarantee :D

    @Rok

    thanks, now i'm switching back to this plugin again :)

  13. vdesn
    Member
    Posted 6 years ago #

    i've found both WP-CACHE and supercache to be allowing people to inject php files into my wp-content, wp-content/cache, and wp-content/cache/supercache directories.

    i've changed the permissions on wp-content to 755. is there anything else i can do to secure my wordpress install from these injections?

  14. Donncha O Caoimh
    Member
    Posted 6 years ago #

    vdesn - can you email me some more details at donncha @ ocaoimh.ie please?
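
Added example (not part of the thread and not the plugin's own code): a Python audit for the three conditions raised in the posts above, namely a blog root the web server account can write to, directories in the root that WordPress does not ship, and script files inside the supercache folder. The uid/gid arguments, the finding names and the suffix list are assumptions, and the permission test ignores supplementary groups and ACLs.

```python
import os
import stat

CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}  # top-level dirs WordPress ships
SUPERCACHE = os.path.join("wp-content", "cache", "supercache")
PHP_SUFFIXES = (".php", ".phtml")  # assumed list of script extensions to review

def can_write(st, uid, gid):
    """True if an account with this uid/gid may create entries in the directory.

    Simplified model: owner, then group, then other. No ACLs or extra groups.
    """
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if st.st_gid == gid:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(root, web_uid, web_gid):
    """Return sorted (finding, path relative to root) pairs that need review."""
    findings = []
    # The advice in the thread: the web server must not be able to write here.
    if can_write(os.stat(root), web_uid, web_gid):
        findings.append(("root-writable-by-webserver", "."))
    # Stray directories in the root, the symptom of the bug described above.
    for entry in os.scandir(root):
        if entry.is_dir(follow_symlinks=False) and entry.name not in CORE_DIRS:
            findings.append(("unexpected-root-dir", entry.name))
    # Cached pages are static HTML, so a script file here warrants a look.
    for dirpath, _dirs, files in os.walk(os.path.join(root, SUPERCACHE)):
        for name in files:
            if name.lower().endswith(PHP_SUFFIXES):
                full = os.path.join(dirpath, name)
                findings.append(("script-in-supercache", os.path.relpath(full, root)))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Usage: script.py <wordpress-root> <web-server-uid> <web-server-gid>
    for finding, path in audit(sys.argv[1], int(sys.argv[2]), int(sys.argv[3])):
        print(finding, path)
```

A finding is a prompt to inspect the path, not proof of compromise; sites with their own top-level directories will see those listed too.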

Topic Closed

This topic has been closed to new replies.
