2007-06-12 07:40:29
By Tim Brown
Feeling a bit bored this morning, I have turned my eyes on to the work being done by Sid and the folk at BlogSecurity for inspiration. Now I'm lazy so I installed WordPress the Debian way. Debian's installation process allows multiple blogs to be hosted on different URLs using the same codebase. However, this can and does lead to some problems. Consider the following line from /etc/wordpress/wp-config.php:
require_once('/etc/wordpress/config-'.strtolower($_SERVER['HTTP_HOST']).'.php');
Notice the problem? You should never trust user input. I don't actually think this is exploitable (at least not on Apache, because attempts to include "/" in my supplied Host header value are met with failure), so I can't traverse the file system and cause arbitrary PHP files to be opened, but it is retarded. Sigh!
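One way to stop relying on the web server to filter the Host header, shown as an added example that is not part of the original post or of Debian's package: validate the value as a plain hostname and match it against the config files that already exist before building the path. The helper name `blog_config_path()`, the temporary directory and the sample hosts are hypothetical and constructed for the demonstration.

```php
<?php
// Hypothetical helper: returns the per-blog config path for $host, or null
// when the value is not a plain hostname or no config file exists for it.
function blog_config_path(string $host, string $configDir = '/etc/wordpress'): ?string
{
    $host = strtolower($host);

    // A Host header may legitimately carry a ":port" suffix; drop it.
    $host = preg_replace('/:\d{1,5}$/', '', $host);

    // Accept only DNS-style names: labels of [a-z0-9-] joined by single dots.
    // The /D modifier stops "$" from matching before a trailing newline, so
    // "/", "\", "..", whitespace and NUL bytes are all rejected here.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (strlen($host) > 253 || !preg_match("/^$label(?:\\.$label)*$/D", $host)) {
        return null;
    }

    // Allowlist: the file name must be one that is already on disk in the
    // config directory, so the header can only select, never construct, a path.
    $allowed = array_map('basename', glob($configDir . '/config-*.php') ?: []);
    $file = 'config-' . $host . '.php';
    return in_array($file, $allowed, true) ? $configDir . '/' . $file : null;
}

// Demonstration against a constructed config directory (not /etc/wordpress).
$dir = sys_get_temp_dir() . '/wp-config-demo-' . getmypid();
mkdir($dir);
touch($dir . '/config-blog.example.org.php');

$samples = [                      // constructed Host header values
    'Blog.Example.org:80',        // known blog, mixed case, with port
    'other.example.org',          // valid syntax, but no config file
    '../../tmp/x',                // path separators and dot segments
    "blog.example.org\n",         // trailing newline
];
foreach ($samples as $h) {
    printf("%-24s => %s\n", json_encode($h), blog_config_path($h, $dir) ?? 'rejected');
}

unlink($dir . '/config-blog.example.org.php');
rmdir($dir);

// In wp-config.php the call would replace the string concatenation:
//   $path = blog_config_path($_SERVER['HTTP_HOST'] ?? '');
//   if ($path === null) { http_response_code(400); exit; }
//   require_once $path;
```

Only the first sample resolves to a path; the other three are rejected before any file system access that depends on the header value.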
Mood: Bored
Music: Nothing playing right now