On Wed, Nov 23, 2011 at 12:30:58PM +0000, Amir@xxxxxxxx wrote:
> a bug in Wordpress enable-latex plugin that allows us to cause a Remote File Include on a remote machine.
>
> ########################################################################
> #
> # Aria Security Team - Persian Network Security
> #
> # http://Aria-Security.Com/forum/
> #
> ########################################################################
> #
> # Wordpress enable-latex plugin Remote File Include Vulnerabilities
> #
> # Download......: http://wordpress.org/extend/plugins/enable-latex/
> #
> # Exploit.......: http://www.site.com/[path]/wp-content/plugins/enable-latex/core.php?url=[Rfi]?
> #
> # Google Search.: "Powered by Wordpress"
> #
> ########################################################################
> #
> # Bug Found.....: Aria-Security
> #
> # discovery.....: Am!r (IrIsT?)
> #
> # contact.......: Amir[at]IrIsT.ir
> #
> # SP TNX........: The-0utl4w & A.u.r.A & B3HZ4D & m3hdi & joker_s & all IrIsT And Aria-security members
> #
> ########################################################################

I have now tested this with the following versions:

WordPress: 3.2.1
Enable Latex: 1.1.2

I was unable to reproduce this issue. All I received back from the application: "Sorry, you are not allowed to access this file directly.", which comes from core.class.php:

    /* Prevent direct access to this file */
    if (!defined('ABSPATH')) {
        exit("Sorry, you are not allowed to access this file directly.");
    }

This was added between revisions:

"""
------------------------------------------------------------------------
r467422 | sedLex | 2011-11-25 16:13:39 +0200 (Fri, 25 Nov 2011) | 1 line

bug
------------------------------------------------------------------------
r458335 | sedLex | 2011-11-01 19:00:07 +0200 (Tue, 01 Nov 2011) | 1 line

New version
"""

With version r458335 I am unable to reproduce this issue, as these PHP files just give require_once PHP warnings.

Could you please help me with this issue to identify if this is a valid announcement and with what versions, thank you.

- Henri Salo
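Added example, not part of the original message and not the plugin's code: a Python audit that reports whether each PHP file in a plugin tree runs the ABSPATH direct-access guard quoted above before any require/include or request-parameter use. The function names, the sample sources and `helper.php` are constructed for illustration, and the comment stripping is a heuristic rather than a PHP parser.

```python
import re
from pathlib import Path

# The guard quoted in the message: if (!defined('ABSPATH')) { exit(...) / die(...) }
GUARD = re.compile(
    r"if\s*\(\s*!\s*defined\s*\(\s*['\"]ABSPATH['\"]\s*\)\s*\)\s*\{?\s*(exit|die)\b",
    re.IGNORECASE)
# Statements that should not execute on a direct request before the guard.
RISKY = re.compile(
    r"\b(require|include)(_once)?\b|\$_(GET|POST|REQUEST|COOKIE)\b",
    re.IGNORECASE)
# Heuristic comment removal; it does not understand string literals.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)

def classify(php_source: str) -> str:
    """Return guarded, guard-too-late, unguarded or no-guard-inert."""
    code = COMMENTS.sub("", php_source)
    guard = GUARD.search(code)
    risky = RISKY.search(code)
    if guard is None:
        return "unguarded" if risky else "no-guard-inert"
    if risky and risky.start() < guard.start():
        return "guard-too-late"
    return "guarded"

def audit_tree(root: str) -> dict:
    """Classify every *.php file under root (for example a plugin directory)."""
    return {str(p): classify(p.read_text(errors="replace"))
            for p in sorted(Path(root).rglob("*.php"))}

# Constructed sample sources (helper.php is a hypothetical file name).
GUARDED = """<?php
/* Prevent direct access to this file */
if (!defined('ABSPATH')) {
    exit("Sorry, you are not allowed to access this file directly.");
}
require_once('helper.php');
"""
UNGUARDED = "<?php\nrequire_once('helper.php');  // warns on a direct request\n"
LATE = "<?php\n$u = $_GET['url'];\nif (!defined('ABSPATH')) { die(); }\n"

if __name__ == "__main__":
    for name, src in [("guarded", GUARDED), ("unguarded", UNGUARDED), ("late", LATE)]:
        print(name, "->", classify(src))
```

Run `audit_tree()` against an unpacked copy of each plugin revision to see which files gained the guard between releases.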