Found A WP Plugin Exploit :S

gimme4free (Elite Member, joined Oct 22, 2008)
I have been setting up a blog as a WH site tonight, just been messing about with one of the plugins and have ended up finding roughly 5000 sites where I can download their wp-config.php file fully, with DB login details etc. I will be reporting this but out of curiosity, with someone's DB login details can they actually log in to a database?

My site was hacked a little while back and they probably got hold of my config files. Is it actually possible to connect to a database from another server if the DB server is localhost?
 
with someone's DB login details can they actually log in to a database?

If your MySQL daemon is set to listen on your public IP they could, but by default, MySQL listens on localhost only.

Still a huge security hole though!
 
If your MySQL daemon is set to listen on your public IP they could, but by default, MySQL listens on localhost only.

Still a huge security hole though!
That's good to hear. Would the auth key, logged-in key, etc. be of much use to someone, or is that also, like MD5, near impossible to crack?
 
No, 95% of the time MySQL will not accept remote connections, either because it's configured not to or because the port is blocked by a firewall. However, the DB password may be the same as the admin's password for FTP, SSH, or WordPress itself, which could turn very dangerous. You could also use that bug to pull system files and other configuration files and get further into the system.

Mind posting what plugin you found this remote file disclosure in?

Also, MD5 is not nearly impossible to crack as you said; it's actually one of the easiest algorithms to crack through dictionary attacks, brute force, or rainbow tables. Most MD5 passwords can be cracked nowadays.
 
Oh yeah, good point, stealth: your DB user/pass is often the same as FTP, SSH.

I wouldn't worry too much about the auth key being cracked; however, I would change your SQL user/pass (just for peace of mind really) :).

What I would be worried about is the other information in wp-config, like the table prefix, that could be used in SQL injection attacks (although most sites don't change their table prefix anyway).

Two really good and simple steps to take to secure WP are to change your table prefix and change your WP "admin" user to something else. I find that many compromised blogs haven't done this.
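As an added illustration (not code from anyone in this thread), here is a small Python audit of the wp-config.php settings the posts above worry about: the default wp_ table prefix, placeholder auth keys/salts, a DB password reused from the username, and a DB_HOST that is not local. The sample config is constructed for the example.

```python
import re

# Constructed sample wp-config.php fragment (not from any real site).
SAMPLE_WP_CONFIG = r"""<?php
define('DB_NAME', 'blog');
define('DB_USER', 'blog_user');
define('DB_PASSWORD', 'blog_user');
define('DB_HOST', 'localhost');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
$table_prefix  = 'wp_';
"""

DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*'([^']*)'")
# The eight secrets WordPress expects in wp-config.php.
SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")


def parse_wp_config(text):
    """Extract define('X', 'y') pairs and the $table_prefix value."""
    defines = dict(DEFINE_RE.findall(text))
    m = PREFIX_RE.search(text)
    return defines, (m.group(1) if m else None)


def audit_wp_config(text):
    """Return a list of findings for the weaknesses discussed in the thread."""
    defines, prefix = parse_wp_config(text)
    findings = []
    if prefix in (None, "wp_"):
        findings.append("table prefix is the default 'wp_' (table names are guessable)")
    host = defines.get("DB_HOST", "localhost")
    if host not in ("localhost", "127.0.0.1"):
        findings.append(f"DB_HOST {host!r} is remote: leaked credentials are usable over the network")
    if defines.get("DB_PASSWORD", "") in ("", defines.get("DB_USER")):
        findings.append("DB_PASSWORD is empty or equal to DB_USER")
    for key in SALT_KEYS:
        val = defines.get(key, "")
        if len(val) < 32 or "unique phrase" in val:
            findings.append(f"{key} is missing or still the placeholder; regenerate it")
    return findings


if __name__ == "__main__":
    for f in audit_wp_config(SAMPLE_WP_CONFIG):
        print("WARN:", f)
```

Whether mysqld itself accepts remote connections is a server-side question (bind-address and the firewall), which a wp-config.php audit cannot answer.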
 
Maybe you could log in if phpMyAdmin is installed on the server?
 
Yeah, phpMyAdmin can be nasty, but hopefully your hosting company has taken steps to limit its vulnerabilities. For example, I can only log in to phpMyAdmin through my web host's cPanel.
 
LOL, don't report it, put together an ebook and sell it for $75 ;)
 
Haven't quite got around to clicking the send button yet lol, it's not that exploit. Even if you get to the database the passwords are encoded anyway ;)
 
This has been around forever, I've raped MediaWiki installs, WP, phpBB, all sorts of easily installed PHP apps. All I can say is Google is your friend in this case ;)
 
You can't view wp-config.php from Google. It gives an error when you try to view it directly.

I think he's talking about an exploit. However, I highly doubt the same exploit would work for phpBB, WP, etc. UNLESS they haven't updated their installation.
 
He's just a script kiddie, using Google to turn up vulnerable websites and running prepackaged exploits on them. Nothing to brag about.
 