[wp-hackers] protecting wp-content/plugins ?
Sam Bauers
sam at viveka.net.au
Mon Aug 20 18:23:47 GMT 2007

On 21/08/2007, at 3:29 AM, Alan J Castonguay wrote:
> If an attacker knows the common name for an exploitable plugin file
> and how it hooks into the public website (given, as the source is
> probably available) and that it keys off certain non-validated
> cookie/get/post parameters, then all they have to do is construct
> the URI to WordPress' index.php and request it.
>
> The best way to protect against this is for the plugin to validate
> all access (like to http://example/wp-content/plugins/badplugin.php)
> and input (like /index.php?unvalidatedsql=...), and deny anything
> that is not specifically desired.

Well, now you are talking about running an actual exploit, and about
good coding practice (like validating user input). Running an exploit
may not always lead to a result that is immediately obvious or
testable, but running a scan over multiple domains on known
directories will produce an easily quantifiable result for those
cases that are standard. This result can be tabulated for
exploitation by a real human later.

I do think there's some advantage in removing the most efficient
method of testing for the presence of exploitable files, which was
the point the original poster has raised.

Even though you raise further valid points about security in general,
there is not much that can be done in the core code to make various
plugin code of a higher standard.

Sam
--------------------------------------------------------------
Sam Bauers
sam at viveka.net.au
--------------------------------------------------------------