Home > Hacking, Informatika > WordPress ‘wp-admin/admin.php’ Module Configuration Security Bypass Vulnerability

WordPress ‘wp-admin/admin.php’ Module Configuration Security Bypass Vulnerability

Sore-sore iseng OL irc di chan #bagelen, tiba-tiba bot saya ngasih informasi ke channel kalau ada bug di engine wordpress.

<@tkj> 0,3 ::4[1Vuln: WordPress ‘wp-admin/admin.php’ Module Configuration Security Bypass Vulnerability4]0 WordPress ‘wp-admin/admin.php’ Module Configuration Security Bypass Vulnerability 4[1http://www.securityfocus.com/bid/355844]0 ::

Langsung aja menuju TKP 😀 lihat di situs securityfocus. Ah… ternyata benar. Langsung deh upgrade ke wordpress yang terbaru. Berikut informasi bug wordpress :

Diskusi

WordPress is prone to a security-bypass vulnerability.

Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible.

Versions prior to the following are vulnerable:

WordPress 2.8.1
WordPress MU 2.8.1


Informasi

Bugtraq ID: 35584
Class: Access Validation Error
CVE: CVE-2009-2334
Remote: Yes
Local: No
Published: Jul 08 2009 12:00AM
Updated: Jul 20 2009 10:36AM
Credit: Fernando Arnaboldi from Core Security Technologies
Vulnerable: WordPress WordPress MU 2.7.1
WordPress WordPress MU 2.7
WordPress WordPress MU 2.6
WordPress WordPress 2.6.5
WordPress WordPress 2.6.2
WordPress WordPress 2.6.1
WordPress WordPress 2.5.1
WordPress WordPress 2.3.3
WordPress WordPress 2.3.2
WordPress WordPress 2.3.1
WordPress WordPress 2.2.3
WordPress WordPress 2.2.2
WordPress WordPress 2.2.1
WordPress WordPress 2.2.1
WordPress WordPress 2.1.3
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.11
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 2.8
WordPress WordPress 2.6
WordPress WordPress 2.5
WordPress WordPress 2.3
WordPress WordPress 2.2 Revision 5003
WordPress WordPress 2.2 Revision 5002
WordPress WordPress 2.2
WordPress WordPress 2.1.3-RC2
WordPress WordPress 2.1.3-RC1
WordPress WordPress 2.1
WordPress WordPress 2.0.10-RC2
WordPress WordPress 2.0.10-RC1
RedHat Fedora 11
RedHat Fedora 10

Not Vulnerable: WordPress WordPress MU 2.8.1
WordPress WordPress 2.8.1

Eksploit
Seorang attacker dapat mengekploit bug ini menggunakan browser.

Berikut alamat yang memungkinkan untuk dicoba 😀

http://www.contoh.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.contoh.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.contoh.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.contoh.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php

Solusi

Jadi yang blognya pake engine wordpress, silakan upgrade ke versi yang terbaru. Jangan sampe cracker ngacak-acak web Anda.

Referensi : http://www.securityfocus.com/

  1. July 21st, 2009 at 09:50 | #1
    Using Mozilla Firefox Mozilla Firefox 3.0.8 on Windows Windows XP

    wah bot e masih banyak….. minta atu om… hahhahah
    😀

  2. July 21st, 2009 at 10:15 | #2
    Using Opera Opera 9.24 on Windows Windows XP

    @almasscatie
    hayooo ketahuan scan-scan yah? :p
    botnya cuma 1 om. ^^
    buatin 1 om kalau dah nemuin hasil scannanya. ^_^

  3. cook
    September 15th, 2010 at 18:51 | #3
    Using Mozilla Firefox Mozilla Firefox 3.6.8 on Windows Windows XP

    alert (“test”)

  4. September 16th, 2010 at 16:04 | #4
    Using Mozilla Firefox Mozilla Firefox 3.6.3 on Windows Windows XP

    ;))

  1. No trackbacks yet.

*

Bad Behavior has blocked 80 access attempts in the last 7 days.