Wordpress backup vuln published
BackWPup has remote execution hole
Posted in Security, 6th April 2011 08:00 GMT
A remote execution vulnerability has been discovered in Wordpress backup utility BackWPup.
According to Sydney (Australia) company Sense of Security, which published the advisory along with a proof-of-concept, the vulnerability allows local or remote PHP files to be passed to a component of the utility.
“The input passed to the component wp_xml_export.php via the ‘wpabs’ variable allows the inclusion and execution of local or remote PHP files as long as a ‘_nonce’ value is known. The ‘_nonce’ value relies on a static constant which is not defined in the script, meaning that it defaults to the value ‘822728c8d9’”, the advisory states.
Sense of Security says the vulnerability affects at least BackWPup Version 1.6.1 (the platform on which it has been tested), and users should upgrade to Version 1.7.1.
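For readers maintaining similar WordPress code, the following is an added, illustrative hardened handler (not BackWPup's own code) showing the two fixes the advisory implies: the request parameter selects a module from a fixed allowlist instead of being passed to include(), and the gate is a real per-user WordPress nonce rather than a static constant. The module names, paths and the 'wpabs_export' action name are assumptions for the example.

```php
<?php
// Added example, not BackWPup's code. Assumes an admin-only endpoint that
// picks an export module via a 'wpabs' request parameter, as in the advisory.
//
// Weak pattern the advisory describes (do NOT use):
//   - the nonce is compared against a constant that is never defined, so
//     PHP falls back to a fixed string and the "secret" is static;
//   - the 'wpabs' value goes straight into include(), so any local or
//     remote PHP file can be loaded.

// 1. The request value is a key into an allowlist, never a path.
function wpabs_modules() {
    return array(
        'xml'  => 'modules/export-xml.php',   // hypothetical module paths
        'json' => 'modules/export-json.php',
    );
}

function wpabs_resolve_module($key) {
    $modules = wpabs_modules();
    // Unknown keys are rejected outright; no path manipulation is possible.
    if (!is_string($key) || !array_key_exists($key, $modules)) {
        return null;
    }
    return __DIR__ . '/' . $modules[$key];
}

// 2. Use the WordPress nonce API: per-user, per-action, time-limited.
function wpabs_handle_request() {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient privileges', '', array('response' => 403));
    }
    // check_admin_referer() terminates the request unless
    // $_REQUEST['_wpnonce'] is valid for the 'wpabs_export' action.
    check_admin_referer('wpabs_export', '_wpnonce');

    $module = wpabs_resolve_module(isset($_GET['wpabs']) ? $_GET['wpabs'] : '');
    if ($module === null) {
        wp_die('Unknown export module', '', array('response' => 400));
    }
    require $module;
}

// The link that triggers the export carries the matching nonce:
//   wp_nonce_url(admin_url('admin.php?page=wpabs&wpabs=xml'), 'wpabs_export');
```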