[wp-hackers] protecting wp-content/plugins ?

Sam Bauers sam at viveka.net.au
Mon Aug 20 18:23:47 GMT 2007


On 21/08/2007, at 3:29 AM, Alan J Castonguay wrote:

> If an attacker knows the common name for an exploitable plugin file  
> and how it hooks into the public website (given, as the source is  
> probably available) and that it keys off certain non-validated  
> cookie/get/post parameters, then all they have to do is construct  
> the URI to WordPress' index.php and request it.
>
> The best way to protect against this is for the plugin to validate
> all access (like to http://example/wp-content/plugins/badplugin.php)
> and input (like /index.php?unvalidatedsql=...), and
> deny anything that is not specifically desired.

Well, now you are talking about running an actual exploit, and about  
good coding practice (like validating user input). Running an exploit  
may not always lead to a result that is immediately obvious or  
testable, but running a scan over multiple domains on known  
directories will produce an easily quantifiable result for those  
cases that are standard. This result can be tabulated for  
exploitation by a real human later.

I do think there's some advantage in removing the most efficient  
method of testing for the presence of exploitable files, which was  
the point the original poster has raised.

Even though you raise further valid points about security in general,  
there is not much that can be done in the core code to make various  
plugin code of a higher standard.

Sam


--------------------------------------------------------------
  Sam Bauers

  sam at viveka.net.au
--------------------------------------------------------------
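
Added example, not part of the original message or thread: the directory scanning described above leaves a countable trace on the scanned site, namely one client asking for many different plugin paths that mostly do not exist. The sketch below flags such clients in a web server access log; the log format (combined), the thresholds, the function name and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Aug/2007:18:01:02 +0000] "GET /wp-content/plugins/plugin-a/ HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [20/Aug/2007:18:01:02 +0000] "GET /wp-content/plugins/plugin-b/ HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [20/Aug/2007:18:01:03 +0000] "GET /wp-content/plugins/plugin-c/ HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [20/Aug/2007:18:01:03 +0000] "GET /wp-content/plugins/plugin-d/ HTTP/1.1" 404 210 "-" "-"
198.51.100.20 - - [20/Aug/2007:18:05:10 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla"
198.51.100.20 - - [20/Aug/2007:18:05:11 +0000] "GET /wp-content/plugins/plugin-c/style.css HTTP/1.1" 200 700 "-" "Mozilla"
198.51.100.20 - - [20/Aug/2007:18:05:11 +0000] "GET /wp-content/plugins/plugin-e/form.js HTTP/1.1" 200 800 "-" "Mozilla"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD|POST) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)
# First path component under the plugins directory (a plugin folder or file).
PLUGIN_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/?#]+)')


def find_plugin_probers(log_text, min_slugs=3, min_miss_ratio=0.5):
    """Return {client_ip: sorted plugin names} for clients that requested at
    least min_slugs distinct plugin paths with a 404 share >= min_miss_ratio.
    A normal visitor only loads assets of installed plugins, so sees few 404s."""
    slugs = defaultdict(set)
    total = defaultdict(int)
    missing = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        p = PLUGIN_RE.match(m.group("path"))
        if not p:
            continue  # request outside wp-content/plugins
        ip = m.group("ip")
        slugs[ip].add(p.group("slug").lower())
        total[ip] += 1
        if m.group("status") == "404":
            missing[ip] += 1
    return {
        ip: sorted(names)
        for ip, names in slugs.items()
        if len(names) >= min_slugs and missing[ip] / total[ip] >= min_miss_ratio
    }


if __name__ == "__main__":
    for ip, names in find_plugin_probers(SAMPLE_LOG).items():
        print(ip, "probed", len(names), "plugin paths:", ", ".join(names))
```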




