Support » Plugin: BackWPup - WordPress Backup Plugin » Drupal.CVE.Core-2020-013 Vulnerability Exploit

  • Resolved tamar

    (@tamar)


    Hey guys –

    I am using Virusdie to track vulnerabilities on my server right now and I found that in wp-content/plugins/backwpup/vendor/pear/archive_tar/Archive/ there is the following code snippet which is a vulnerability.

    Should I assume this file is safe to delete? I assume that’s why it’s in the archive? (Maybe it should be removed entirely, since it’s malicious?)

    Thanks!

         */
        private function _maliciousFilename($file)
        {
            if (strpos($file, 'phar://') === 0) {
                return true;
            }
            if (strpos($file, '/../') !== false) {
                return true;
            }
            i
    
Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi, for the moment, I have deleted the code:

        /**
         * Detect and report a malicious file name
         *
         * @param string $file
         *
         * @return bool
         */
        private function _maliciousFilename($file)
        {
            if (strpos($file, 'phar://') === 0) {
                return true;
            }
            if (strpos($file, '/../') !== false) {
                return true;
            }
            if (strpos($file, '../') === 0) {
                return true;
            }
            return false;
        }

    The infection is no longer reported and BackWPup continues to work with no apparent problems! Hope it helps.
    See you soon!

    Plugin Support Inpsyde Niklas

    (@niklasinpsyde)

    Hi @tamar,

    We have updated the library for our next release.
    In the meantime you could remove code as @em3designit mentioned, but TAR compression might not work properly as a result. If you archive your backups using PHP-zip, then you shouldn’t notice any issues.
    Our next update will fix this behavior then.

    Kind regards,
    Niklas

    I’m glad I was helpful.

    Thread Starter tamar

    (@tamar)

    Thank you!!!

    Thread Starter tamar

    (@tamar)

    Hey Niklas, any idea when you’re going to release an update to the plugin? It seems odd that it’s been a month and a half and this library still possess a vulnerability.

    Plugin Support duongcuong96

    (@duongcuong96)

    Hello @tamar
    Sorry about the issue, for now, I created an updated version here:
    https://www.dropbox.com/s/p8mnrkjurmqe0pn/backwpup-3.8.1-80551ebf.zip?dl=0
    Please use this version instead.
    Thank you!

    Thread Starter tamar

    (@tamar)

    Thanks! Are you going to release it publicly soon?

    Plugin Support duongcuong96

    (@duongcuong96)

    Hello @tamar
    we are working on few other mirror improvements, so I don’t have an exact release date yet. But I think the changes will be released publicly soon ^^

    Thread Starter tamar

    (@tamar)

    Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.