WordPress NextGEN Gallery Plugin Path Disclosure Vulnerability

Vulnerability ID: 1121536 Vulnerability type: Information disclosure
Published: 2013-02-14 Updated: 2013-02-15
CVE ID: CVE-2013-0291 CNNVD-ID: CNNVD-201302-398
Platform: PHP CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/38314
https://www.securityfocus.com/bid/57957
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201302-398
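|Vulnerability details
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. The NextGEN Gallery plugin for WordPress contains a path disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information that helps further attacks. NextGEN Gallery versions 1.9.10 and 1.9.11 are vulnerable; other versions may also be affected.
|Vulnerability exploit (EXP)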
source: http://www.securityfocus.com/bid/57957/info

The NextGEN Gallery plugin for WordPress is prone to a path-disclosure vulnerability. 

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. 

NextGEN Gallery versions 1.9.10 and 1.9.11 are vulnerable; other versions may also be affected.

http://www.example.com/?callback=json&api_key=true&format=json&method=gallery&id=1 

http://www.example.com/?callback=json&api_key=true&format=xml&method=recent&limit=1
|References

Source: BID
Name: 57957
Link: http://www.securityfocus.com/bid/57957