[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability



Hi Cru3l.b0y,

$plugin came from $plugins array which is filled by the glob function
which find all " *.php " files that reside under " WPCACHEHOME .
'plugins/' "...
Snippet Code from wp-cache-phase1.php at version 0.8.3:
$plugins = glob( WPCACHEHOME . 'plugins/*.php' );
if( is_array( $plugins ) ) {
	foreach ( $plugins as $plugin ) {
	if( is_file( $plugin ) )
		require_once( $plugin );
	}
}

Therefore there is no exploitable security vulnerability.

Regards
PS: Version 0.8.3 is too old, next time try the latest stable version
(0.9.5 at the moment).

2009/7/22 Cru3l.b0y <cru3l.b0y@xxxxxxxxx>:
> Hi Dear,
> I found a new bug. please publish it.
> thank you
> best regards
>
_________________________
             g30rg3_x