The Giribaz file manager plugin <= v5.0.0 for WordPress contains an information disclosure vulnerability as a result of the plugin’s verbose logging functionality. The plugin logs all file activity to the '/wp-content/uploads/file-manager/log.txt' file which is publicly accessible. Should the plugin be used to interact with a file containing sensitive information (such as the 'wp-config.php' file), the contents of that file would be added to the log and be exposed.
Exploitation
Stages
- An unauthenticated remote attacker requests the Giribaz file manager log file located in the default WordPress upload directory.
- The server returns the contents of the log file including the contents of the files managed using the plugin.
Prerequisites
The attacker must be able to send arbitrarily crafted packets to a publicly accessible, internet facing endpoint.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
Upgrade to a non-vulnerable version to mitigate this vulnerability.
Comments
0 comments
Please sign in to leave a comment.