[wp-trac] [WordPress Trac] #21113: Previous/Next page links maintain all GET variables
WordPress Trac
noreply at wordpress.org
Fri Apr 5 12:25:53 UTC 2013
#21113: Previous/Next page links maintain all GET variables
-------------------------------------------+------------------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.4
Severity: normal | Resolution:
Keywords: needs-patch 2nd-opinion close |
-------------------------------------------+------------------------------
Comment (by kirrus):
The reason the cache was poisioned was an interaction with the wp-
SuperCache module, that was generating static pages with the poisoned urls
in. These were then served to all users. I've turned that particular
feature off in Supercache. I'm also doing this in the cache, which is
really quite aggressive, but also handily effective in stopping the most
egregious GET variables:
{{{
if (!req.url ~ "_wp_http_referer") {
if (req.url ~ "(\.\..+)+" || req.url ~ "\.\.%2F.+$" ||
req.url ~ "self%2Fenviron" ) {
set req.url = regsub(req.url, "\?.*$", "");
}
}
}}}
In any case, this is still a bug; it is a vector that may be used to abuse
other bugs in wordpress attack wordpress, it is a vector to attack any wp-
SuperCache using site, and a vector to cause sites to show thousands of
unique urls showing duplicate content to Google. Anything that allows a
user to directly alter website content in this fashion should be treated
with suspicion.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21113#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list