[wp-trac] [WordPress Trac] #21113: Previous/Next page links maintain all GET variables
WordPress Trac
noreply at wordpress.org
Fri Apr 5 12:49:46 UTC 2013
#21113: Previous/Next page links maintain all GET variables
-------------------------------------------+------------------------------
Reporter: kirrus | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.4
Severity: normal | Resolution:
Keywords: needs-patch 2nd-opinion close |
-------------------------------------------+------------------------------
Comment (by johnbillion):
Replying to [comment:9 kirrus]:
> The reason the cache was poisoned was an interaction with the
> wp-SuperCache module, that was generating static pages with the poisoned
> URLs in. These were then served to all users. I've turned that particular
> feature off in Supercache.
Could you tell me which feature in WP Super Cache this was? I'd like to
find out which module/setting/feature is causing this.
If a page at a poisoned URL is generated and stored in the page cache, the
poisoned pagination URL should never be shown to a user visiting a non-
poisoned URL.
Replying to [comment:10 kirrus]:
> I should add, a clever attacker could also use this particular bug to
> fill a reverse proxy caching system's store with many many thousands of
> copies of the same data
This is true of any server that's caching URLs containing GET parameters.
I could slam a site with requests for `example.com/?foo=1`,
`example.com/?foo=2`, `example.com/?foo=99999` and achieve the same
effect. The paginated pages for these URLs aren't generated unless the
paginated URLs are requested, so the cache fills up no quicker.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21113#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
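
The two points discussed in the comment above, as an added example that is not part of the ticket or of WordPress code: a page cache keyed on the full URL stores one entry per distinct GET string, while a key built from an allowlist of parameters stores one, and pagination links built from the same allowlist do not echo unknown GET variables into cached HTML. The parameter allowlist, function names and sample requests are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: the only query parameters that change the rendered page.
ALLOWED_PARAMS = {"paged", "s"}


def cache_key(url, allowed=ALLOWED_PARAMS):
    """Canonical cache key for a single-host cache: path plus the
    allowlisted parameters, sorted so ordering cannot create new keys."""
    parts = urlsplit(url)
    kept = sorted((k, v) for k, v in parse_qsl(parts.query) if k in allowed)
    return urlunsplit(("", "", parts.path or "/", urlencode(kept), ""))


def next_page_link(url, allowed=ALLOWED_PARAMS):
    """Build the 'next page' link from allowlisted parameters only, so
    unrecognised GET variables never end up in the stored HTML."""
    parts = urlsplit(url)
    params = {k: v for k, v in parse_qsl(parts.query) if k in allowed}
    try:
        current = max(int(params.get("paged", "1")), 1)
    except ValueError:
        current = 1  # malformed page number: treat as first page
    params["paged"] = str(current + 1)
    query = urlencode(sorted(params.items()))
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", query, ""))


def simulate(urls, key_func):
    """Fill a dict-backed page cache and return how many entries it holds."""
    store = {}
    for url in urls:
        store.setdefault(key_func(url), "<html>rendered page</html>")
    return len(store)


# Constructed sample requests: the ?foo=N pattern from the comment above.
FLOOD = [f"http://example.com/?foo={i}" for i in range(1, 1001)]

if __name__ == "__main__":
    print("entries, keyed on raw URL:    ", simulate(FLOOD, lambda u: u))
    print("entries, keyed on allowlist:  ", simulate(FLOOD, cache_key))
    print("next link:", next_page_link("http://example.com/?foo=x&paged=2"))
```
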