moften

Full Path Disclosure vulnerability in JM Twitter Cards revea

Oct 15th, 2015
Details
================
Software: JM Twitter Cards
Version: 6.0
Homepage: https://wordpress.org/plugins/jm-twitter-cards
Advisory report: https://security.dxw.com/advisories/full-path-disclosure-vulnerability-in-jm-twitter-cards-reveals-the-location-of-the-wordpress-installation-on-the-server/
CVE: Awaiting assignment
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)

Description
================
Full Path Disclosure vulnerability in JM Twitter Cards reveals the location of the WordPress installation on the server

Vulnerability
================
This plugin contains a Full Path Disclosure vulnerability (CWE-200). This allows an attacker to discover the full path to the WordPress installation on the server, which they could use to assist in other attacks.
For this to happen, the site would have to have the ‘display_errors’ option set to true.

Proof of concept
================
Turn on display_errors.
Request http://mydomain.com/wp-content/plugins/jm-twitter-cards/views/settings.php from a browser.
The following error message will be displayed:
Fatal error: Call to undefined function esc_html_e() in /path/to/installation/wp-content/plugins/jm-twitter-cards/views/settings.php on line 3

Mitigations
================
Upgrade to version 6.2 or later.
If this is not possible, ensure that display_errors is turned off on a site running this plugin.
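
As an added example (not code from the advisory and not the plugin's own code), the guard below is the pattern WordPress plugins normally put at the top of a view file so that a direct request to the file, as in the proof of concept, exits before any WordPress function is called. Whether version 6.2 fixed the issue this way is an assumption, as are the text domain, option group and settings section names used here.

```php
<?php
/**
 * Added example, not code from the advisory or from the JM Twitter Cards plugin.
 * Hardened shape of a plugin view such as views/settings.php: refuse to run
 * unless the file was included from inside a running WordPress.
 * Assumptions: the 6.2 fix may differ from this; 'jm-twitter-cards' (text
 * domain) and 'jm_twitter_cards_options' (option group) are invented here.
 */

// ABSPATH is defined by wp-load.php, so it only exists when WordPress itself
// included this file. On a direct HTTP request to
// .../wp-content/plugins/jm-twitter-cards/views/settings.php it is undefined,
// so we stop here, before the esc_html_e() call below can raise the
// "Call to undefined function" fatal error whose message carries the
// absolute filesystem path of the installation.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}
?>
<div class="wrap">
    <h1><?php esc_html_e( 'JM Twitter Cards settings', 'jm-twitter-cards' ); ?></h1>
    <form method="post" action="options.php">
        <?php
        // Standard Settings API calls; safe to reach only because the guard
        // above guarantees WordPress is loaded.
        settings_fields( 'jm_twitter_cards_options' );
        do_settings_sections( 'jm-twitter-cards' );
        submit_button();
        ?>
    </form>
</div>
```

The fallback mitigation (turning display_errors off) has to be applied at the PHP level, for example `display_errors = Off` in php.ini, in a per-directory `.user.ini` under CGI/FastCGI, or `php_flag display_errors off` in Apache configuration under mod_php. A direct request to the view file never loads wp-config.php, so `WP_DEBUG_DISPLAY` or an `ini_set()` placed there does not affect this request. Keeping `log_errors = On` means the fatal error still reaches the server error log, where an administrator can see that plugin files are being requested directly.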

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report within 14 days.

Timeline
================
2015-07-29: Discovered
2015-07-30: Reported to vendor via contact form on http://www.tweetpress.fr/contact
2015-09-17: Vendor reported fixed
2015-10-12: Published

Discovered by dxw:
================
Duncan Stuart
Please visit security.dxw.com for more information.