[wp-trac] [WordPress Trac] #42539: PCI Scan - "CGI Generic SQL Injection (blind)"
WordPress Trac
noreply at wordpress.org
Tue Nov 14 09:17:28 UTC 2017
#42539: PCI Scan - "CGI Generic SQL Injection (blind)"
-----------------------------+-----------------------------
Reporter: sureshnatarajan | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 4.8
Severity: normal | Keywords:
Focuses: administration |
-----------------------------+-----------------------------
I have installed the latest WordPress (4.8) on a LAMP stack on an AWS EC2
web server instance. This is a standard install and we haven't deployed our
website on WordPress yet. When we run a PCI scan on the server, the scan
fails with the vulnerability below. We are using HackerGuardian, an Approved
Scanning Vendor. We need to fix the issue in order to obtain PCI compliance.
WordPress should fix the vulnerability. Please let us know how to fix the
issue until WordPress provides the fix.
>>>>
Status
Automatic Failure as listed by the PCI SSC (This must be resolved for your
device)
Target name: 52.87.142.241
Plugin
"CGI Generic SQL Injection (blind)"
Category
"CGI abuses "
Priority
"Urgent"
Synopsis
A CGI application hosted on the remote web server is potentially prone
to SQL injection attack.
Description
By sending specially crafted parameters to one or more CGI scripts
hosted on the remote web server, Nessus was able to get a very different
response, which suggests that it may have been able to modify the behavior
of the application and directly access the underlying database.
An attacker may be able to exploit this issue to bypass authentication,
read confidential data, modify the remote database, or even take control
of the remote operating system.
Note that this script is experimental and may be prone to false positives.
See also:
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.nessus.org/u?ed792cf5
http://projects.webappsec.org/SQL-Injection
Risk factor
HIGH / CVSS BASE SCORE :7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Plugin
output
Using the GET HTTP method, Nessus found that :
+ The following resources may be vulnerable to blind SQL injection :
+ The 'load%5B%5D' parameter of the /wp-admin/load-styles.php CGI :
/wp-admin/load-styles.php?c=0&ver=4.8.3&dir=ltr&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2cloginzz0&ver=4.8.3&dir=ltr&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2cloginyy
-------- output --------
#pass-strength-result,input,textarea{-webkit-box-sizing:border-box [...]
.locale-he-il em,.locale-zh-cn #local-time,.locale-zh-cn #utc-time [...]
#pass-strength-result,input,textarea{-webkit-box-sizing:border-box;-moz-box-sizing:border-box}.meta-box-sortables select,p.submit{max-width:100%}#your-profile label+a,.wp-admin select,fieldset label,label{vertical-align:middle}#pressthis-code-wrap,textarea{overflow:auto}.login h1 a [...]
-------- vs --------
#pass-strength-result,input,textarea{-webkit-box-sizing:border-box [...]
.locale-he-il em,.locale-zh-cn #local-time,.locale-zh-cn #utc-time [...]
------------------------
Solution
Modify the affected CGI scripts so that they properly escape arguments.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42539>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
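Triage note on the finding quoted above. The plugin's own description says it fires whenever a mutated parameter draws a "very different" response, and it warns that it is experimental and prone to false positives. The printed probe shows what was mutated: the `load[]` parameter of load-styles.php carries a comma-separated list of stylesheet handles, and the scanner's two copies of it end in `loginzz0` and `loginyy` instead of a real handle. Before filing such a hit as SQL injection, decode the request, work out what the endpoint would do with the mutated values, and send a probe pair whose only difference is the truth value of an SQL condition. The script below does that offline. It is an added example for this archive page, not code from the ticket, from Nessus/HackerGuardian or from WordPress. Its assumptions are stated in the code: the baseline request (only the probe is printed in the ticket), the behaviour of load-styles.php (modelled here as: implode `load[]`, strip anything outside `[a-z0-9,_-]`, split on commas, emit registered handles only, consult no database), the placeholder stylesheet bodies, and the length-ratio stand-in for the plugin's similarity metric.

```python
"""Offline triage of a "CGI Generic SQL Injection (blind)" hit against
/wp-admin/load-styles.php.

Added example for this archive page; not code from the ticket, from
Nessus/HackerGuardian or from WordPress.  The endpoint is a constructed
model and the baseline request is an assumption (see comments).
"""
import re
from urllib.parse import parse_qs, quote, urlsplit

# The probe exactly as printed in the plugin output (joined across the
# archive's line wraps).  ver, dir and load[] appear twice: the scanner
# appended a mutated copy of the parameters to the original request.
PROBE_REQUEST = (
    "/wp-admin/load-styles.php?c=0&ver=4.8.3&dir=ltr"
    "&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2cloginzz0"
    "&ver=4.8.3&dir=ltr&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2cloginyy"
)

# Assumption: the baseline was the same bundle with the 'login' handle
# intact.  The ticket prints only the probe, not the baseline.
BASELINE_REQUEST = (
    "/wp-admin/load-styles.php?c=0&ver=4.8.3&dir=ltr"
    "&load%5B%5D=dashicons%2cbuttons%2cforms%2cl10n%2clogin"
)

# Constructed stand-in for the registered admin stylesheets.  WordPress
# serves file contents here; these bodies are placeholders.
REGISTERED_STYLES = {
    "dashicons": ".dashicons{font-family:dashicons}",
    "buttons": ".button{display:inline-block}",
    "forms": "#pass-strength-result,input,textarea{box-sizing:border-box}",
    "l10n": ".locale-he-il em,.locale-zh-cn #local-time{font-style:normal}",
    "login": ".login h1 a{background-image:url(wordpress-logo.svg)}",
}


def query_params(request_line):
    """Decode the query string; parse_qs keeps repeated keys as lists."""
    return parse_qs(urlsplit(request_line).query, keep_blank_values=True)


def handles_requested(request_line):
    """The handle list the endpoint would see.  Assumed endpoint behaviour:
    implode the load[] array with no separator, strip everything outside
    [a-z0-9,_-], split on commas, keep unique handles in order."""
    joined = "".join(query_params(request_line).get("load[]", []))
    cleaned = re.sub(r"[^a-z0-9,_-]+", "", joined, flags=re.I)
    return list(dict.fromkeys(cleaned.split(",")))


def model_load_styles(request_line, registered=REGISTERED_STYLES):
    """Constructed model of the endpoint: concatenate the stylesheet of
    every registered handle, skip unknown handles, touch no database."""
    return "".join(registered[h] + "\n"
                   for h in handles_requested(request_line) if h in registered)


def differs_markedly(baseline_body, probe_body, threshold=0.10):
    """The plugin's heuristic as its synopsis describes it: a 'very
    different' response to the mutated request is a hit.  The length ratio
    is a stand-in for whatever similarity metric the plugin really uses."""
    longer = max(len(baseline_body), len(probe_body)) or 1
    return abs(len(baseline_body) - len(probe_body)) / longer > threshold


def boolean_pair_differs(handle, registered=REGISTERED_STYLES):
    """Manual triage probe: two requests whose only difference is the truth
    value of an SQL condition.  A blind SQLi sink answers them differently;
    a parameter that merely selects content answers them identically."""
    prefix = "/wp-admin/load-styles.php?load%5B%5D="
    true_body = model_load_styles(prefix + quote(handle + "' AND '1'='1"), registered)
    false_body = model_load_styles(prefix + quote(handle + "' AND '1'='2"), registered)
    return true_body != false_body


def triage():
    """Summarise why the heuristic fired and what the boolean pair says."""
    baseline = model_load_styles(BASELINE_REQUEST)
    probe = model_load_styles(PROBE_REQUEST)
    return {
        "duplicated_params": [k for k, v in query_params(PROBE_REQUEST).items() if len(v) > 1],
        "handles_dropped": sorted(set(handles_requested(PROBE_REQUEST)) - set(REGISTERED_STYLES)),
        "heuristic_fires": differs_markedly(baseline, probe),
        "boolean_pair_differs": boolean_pair_differs("login"),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Under the stated model the heuristic fires because the mangled handle names (`loginzz0dashicons`, `loginyy`) match no registered stylesheet, so the login CSS drops out of the concatenated response and the body shrinks, which is exactly what the "output" vs "vs" excerpts in the plugin output show. The boolean pair, by contrast, produces identical responses. An identical pair does not prove the absence of injection on its own; the confirming step is reading what the script does with the parameter on the installed version, which is the evidence an ASV will accept for a false-positive dispute.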