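Because so many plugins were installed, I wrote a small script that checks the WordPress plugin directory against wpvulndb.com and displays all the vulnerabilities. It turned out that there were many serious vulnerabilities, and without sufficient log information it was hard to trace the initial vector.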
[+] w3-total-cache
* [UNKNOWN] W3 Total Cache 0.9.2.4 - Username & Hash Extract
Fixed in: 0.9.2.5
+ http://seclists.org/fulldisclosure/2012/Dec/242
+ https://github.com/FireFart/W3TotalCacheExploit
* [RCE] W3 Total Cache - Remote Code Execution
Fixed in: 0.9.2.9
+ http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
+ http://wordpress.org/support/topic/pwn3d
+ http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
* [CSRF] W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF
Fixed in: 0.9.4.1
+ http://seclists.org/fulldisclosure/2014/Sep/29
* [CSRF] W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)
Fixed in: 0.9.4.1
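
One way to build the kind of check described above, as an added example and not the author's script: it reads each plugin's `Version:` header from the plugins directory and lists the feed entries whose "Fixed in" version is newer than what is installed. The feed is a constructed local table holding the four entries shown above rather than a live wpvulndb.com query, and all function names are assumptions.

```python
import re, sys
from pathlib import Path

# Constructed feed: titles and "Fixed in" versions copied from the scan output above.
FEED = {"w3-total-cache": [
    ("UNKNOWN", "W3 Total Cache 0.9.2.4 - Username & Hash Extract", "0.9.2.5"),
    ("RCE", "W3 Total Cache - Remote Code Execution", "0.9.2.9"),
    ("CSRF", "W3 Total Cache 0.9.4 - Edge Mode Enabling CSRF", "0.9.4.1"),
    ("CSRF", "W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery (CSRF)", "0.9.4.1"),
]}

# "Version:" line of the plugin header comment in the plugin's main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def version_key(v):
    """'0.9.2.4' -> (0, 9, 2, 4); trailing zeros dropped so 0.9.4 == 0.9.4.0."""
    parts = [int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def installed_version(plugin_dir):
    """Return the version declared in the first top-level PHP file that has a header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        m = HEADER.search(php.read_text(errors="replace")[:8192])
        if m:
            return m.group(1)
    return None

def scan(plugins_root, feed=FEED):
    """Map slug -> (installed version, feed entries not yet fixed at that version)."""
    report = {}
    for d in sorted(p for p in Path(plugins_root).iterdir() if p.is_dir()):
        ver, vulns = installed_version(d), feed.get(d.name, [])
        # Unknown version: report every entry rather than silently passing.
        hits = [v for v in vulns
                if ver is None or version_key(ver) < version_key(v[2])]
        if hits:
            report[d.name] = (ver, hits)
    return report

def render(report):
    lines = []
    for slug, (ver, hits) in report.items():
        lines.append(f"[+] {slug} (installed: {ver or 'unknown'})")
        for kind, title, fixed in hits:
            lines += [f" * [{kind}] {title}", f"   Fixed in: {fixed}"]
    return "\n".join(lines)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(render(scan(sys.argv[1])))  # e.g. wp-content/plugins
```

Comparing versions as integer tuples matters here: a plain string comparison would order dotted versions incorrectly once a component reaches two digits.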