霜天部落 | Focused on the design and research of high-performance, high-concurrency LAMP architectures

WordPress Arbitrary File Upload Vulnerability

MustLive has discovered a vulnerability in WordPress, which can be exploited by malicious users to compromise a vulnerable system.

The application improperly validates uploaded files, which can be exploited to execute arbitrary PHP code by uploading a .phtml file with e.g. an appended “.gif” file extension.

Successful exploitation requires “Author” permissions in the backend and that Apache is not configured to handle the mime-type for media files with e.g. a “.jpg” or “.gif” extension.

The vulnerability is confirmed in version 3.1.2. Other versions may also be affected.

Solution
Restrict access to the wp-content/uploads directory (e.g. via .htaccess).
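As an added hardening example that is not part of the advisory or of WordPress itself, the following wp-content/uploads/.htaccess implements the solution above. It assumes Apache with mod_mime (and optionally mod_php) and that AllowOverride permits these directives in the uploads tree; the matching of a script extension anywhere in the file name is what covers the ".phtml.gif" double-extension case described above.

```apache
# Added example (not from the advisory): wp-content/uploads/.htaccess
# Only effective if the vhost's AllowOverride allows these directives.

# Deny any file carrying a script extension anywhere in its name, so a
# double extension such as "shell.phtml.gif" is refused as well.
<FilesMatch "(?i)\.(php|phtml|php[3-7]|phps)(\.|$)">
    <IfModule mod_authz_core.c>
        # Apache 2.4 syntax
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 syntax
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Detach handlers and types inherited from the server config, so mod_mime
# never routes anything under uploads/ to the PHP engine.
RemoveHandler .php .phtml .phps
RemoveType .php .phtml .phps

# With mod_php, switch the engine off for this tree as a second layer.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
```

Verify the rule from a client after deploying: a request for an existing upload named with a script extension must return 403, while a plain .gif or .jpg in the same directory must still be served.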

—————————————————————————————————————

Provided and/or discovered by
MustLive

Original Advisory

http://websecurity.com.ua/5108/