BackWPup Vulnerabilities?

A remote execution vulnerability has been discovered in WordPress backup utility BackWPup.

According to Sydney (Australia) company Sense of Security, which published the advisory along with a proof-of-concept, the vulnerability allows local or remote PHP files to be passed to a component of the utility.

“The input passed to the component wp_xml_export.php via the ‘wpabs’ variable allows the inclusion and execution of local or remote PHP files as long as a ‘_nonce’ value is known. The ‘_nonce’ value relies on a static constant which is not defined in the script meaning that it defaults to the value ‘822728c8d9’”, the advisory states.

Sense of Security says the vulnerability affects at least BackWPup Version 1.6.1 (the platform on which it has been tested), and users should upgrade to Version 1.7.1. Via TheRegister

Incoming search terms:

• dork wordpress 3 2 1
• exploit website dengan xss
• javascript autolike facebook 2012 mobile
• makalah pengertian Email Exploits
• pengertian E-mail Exploits
• vurnability facebook ponsel

Tulisan Menarik Lainnya

• How to Enable Debugging on WordPress
• Types of WordPress Plugin
• How Plugins Interact with WordPress
• Penampil Error dengan WP Admin Error Handler
• Rilis Akismet plugin 2.5.6!
• Update Jetpack Plugin versi 1.3
• Yang baru di WordPress 3.0.2
• WordPress 3.3.2 Dirilis
• How to Cancelling Wordpress 3.0 Maintenance Mode?
• Belajar WordPress: Pagination Halaman tanpa Plugin
• WordPress 3.4 Beta Is Released! Mari di Uji
• Wordpress 3.0 User Features
• Wordpress Version 3.0 Highlights
• Belajar WordPress: Optimasi Robot.txt untuk SEO
• Belajar WordPress: Memfasilitasi Contributor untuk Upload File