[wp-trac] [WordPress Trac] #60333: Host Header Injection Vulnerability in /wp-content Folder
WordPress Trac
noreply at wordpress.org
Wed Jan 24 12:17:48 UTC 2024
#60333: Host Header Injection Vulnerability in /wp-content Folder
--------------------------+------------------------------
Reporter: manishn | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.4
Severity: critical | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by roytanck):
Hi @manishn. Thank you for creating this ticket. Please be aware that
security vulnerabilities should not be reported on Trac. See
https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/ .
That being said, I'm not sure this is actually a security issue. In most
server setups, there is a site that is the default. It handles all
requests except the ones that have a HOST header that corresponds to a
known other virtual host on the server.
My guess is that your request is sent to this default site. This would
explain why no 404 occurs. For the path `/wp-content`, the 301 then occurs
because WP redirects folders without a trailing slash to the "slashed"
version. In this case, that is `/wp-content/`, which contains an empty
index.html file.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60333#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list