[Plugin: Enable Latex] False-positive remote file include vulnerability? | WordPress.org

Resolved henrisalo
(@henrisalo)

12 years, 4 months ago

Original post: http://seclists.org/bugtraq/2011/Nov/150
Here is what I tested: http://seclists.org/bugtraq/2011/Dec/0

Could you tell me if I am correct?

http://wordpress.org/extend/plugins/enable-latex/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Sed Lex
(@sedlex)

12 years, 4 months ago

Hi,

For me, there is no vulnerability !
At least, if global_register is activated, the $url variable may be modified but with any consequence as the real path is after the $url variable …

Then you may have been able to include files with the following path
$url.’core/admin_table.class.php’ (for instance)

Not warmful !

Are you agree ?

Plugin Author Sed Lex
(@sedlex)

12 years, 4 months ago

I meant harmful and not warmful 🙂

Thread Starter henrisalo
(@henrisalo)

12 years, 4 months ago

As my previous testing did not work and you said those lines I think this is false-positive.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘[Plugin: Enable Latex] False-positive remote file include vulnerability?’ is closed to new replies.

Tags

false positive

In: Plugins
3 replies
2 participants
Last reply from: henrisalo
Last activity: 12 years, 4 months ago
Status: resolved