Full path disclosure
PHP info disclosure
Security bypass: allows direct access.
– pma/server_databases.php – full access to all features, including the SQL window
– pma/main.php – reveals all the details of the database
• Author Contacted: 24 July 2013
• No positive response from the author
• Wordpress Security Team contacted: 11 September 2013
• Plugin disabled in the repository: 21 October 2013
Started Project CodeVigilant
• Spot new issues in Plugins/Themes
• Report to the relevant author
• Get the patch released
• Else close the Plugin/Theme
What is required?
Download the latest WordPress and install
Download all Plugins (31k)
Download all Themes (2.5k)
Find all $_GET parameters
Replace their value with chk_string
Send the request with the appropriate URL structure
Check if the response contains the chk_string
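The four steps above, as an added example that is not part of the original slides: it pulls the $_GET parameter names out of a constructed PHP plugin file, gives each one its own chk_string (the trailing `<>"` lets an unencoded echo be told apart from one that went through htmlspecialchars(), which cuts false positives), builds the probe URL, and reports which parameters came back verbatim. The HTTP round trip is replaced by a function that mirrors what the sample PHP would output; the plugin path in the URL is a placeholder.

```python
import re
from html import escape
from urllib.parse import urlencode

# Regex for the two common spellings of a GET parameter read: $_GET['x'] and $_GET["x"].
GET_PARAM_RE = re.compile(r"""\$_GET\s*\[\s*['"]([A-Za-z0-9_\-]+)['"]\s*\]""")

def find_get_params(php_source: str) -> list[str]:
    """Distinct $_GET parameter names in a PHP file, in order of first use."""
    names = []
    for name in GET_PARAM_RE.findall(php_source):
        if name not in names:
            names.append(name)
    return names

def marker_for(param: str) -> str:
    """Per-parameter chk_string; the '<>"' tail makes a raw echo distinguishable
    from one that was passed through htmlspecialchars()."""
    return f'chk_{param}_<>"'

def build_probe_url(base_url: str, params: list[str]) -> str:
    """Request URL with every discovered parameter set to its own marker."""
    return base_url + "?" + urlencode({p: marker_for(p) for p in params})

def reflected_unencoded(params: list[str], body: str) -> list[str]:
    """Parameters whose marker comes back verbatim; an escaped copy (&lt;&gt;&quot;) is not reported."""
    return [p for p in params if marker_for(p) in body]

# Constructed sample: a plugin file that echoes one parameter raw and one escaped.
SAMPLE_PHP = """<?php
$name = $_GET['name'];
$page = $_GET["page"];
echo "<h1>Hello " . $name . "</h1>";
echo "<a href='?page=" . htmlspecialchars($page) . "'>next</a>";
"""

def simulate_sample_response(query: dict) -> str:
    """Stand-in for fetching SAMPLE_PHP over HTTP; mirrors what that PHP would output."""
    return (f"<h1>Hello {query.get('name', '')}</h1>"
            f"<a href='?page={escape(query.get('page', ''), quote=True)}'>next</a>")

def scan_sample() -> list[str]:
    """Run the whole procedure against the constructed sample."""
    params = find_get_params(SAMPLE_PHP)
    body = simulate_sample_response({p: marker_for(p) for p in params})
    return reflected_unencoded(params, body)

if __name__ == "__main__":
    # Placeholder plugin path; a real run would request each plugin file of the test install.
    print(build_probe_url("http://localhost/wp-content/plugins/example/view.php",
                          find_get_params(SAMPLE_PHP)))
    print("reflected unencoded:", scan_sample())
```

Only `name` is reported: `page` is reflected too, but its marker comes back HTML-encoded, which is exactly the false positive a plain substring check on chk_string would flag.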
• More than 100 valid XSS!
• Testing for XSS we also stumbled upon:
– Unvalidated Redirects and Forwards
Stats for the next 3 weeks!
A3 – Cross-Site Scripting: 211
Unvalidated Redirects and Forwards
Local File Inclusion: 6
Information Disclosure: 1
Direct access & Auth
Using Components with