May 14, 2007

WordTube Exploit

If you're using the WordTube extension for WordPress, haven't been hacked yet, and haven't heard about the remote code execution vulnerability, then you're very lucky and should read on.

The Problem

The following critical problem affects every version of WordTube prior to 1.44. From Secunia:

M.Hasran Addahroni has reported a vulnerability in the wordTube plugin for WordPress, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "wpPATH" parameter in wordtube-button.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Solution

Upgrade to version 1.44 immediately!
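To check whether a site was probed before the upgrade, the following added example (not from the original post or the WordTube project) scans web server access logs for requests to wordtube-button.php whose wpPATH value points at an external resource or climbs out of its directory. The common/combined log format, the plugin directory in the sample lines, the sample lines themselves and the function names are assumptions; only query-string values that appear in the log are inspected.

```python
import re
from urllib.parse import parse_qs, unquote

# Request line of a common/combined access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify_wppath(value):
    """Return why a decoded wpPATH value is suspicious, or None."""
    if SCHEME_RE.match(value) or value.startswith('//'):
        return 'external resource'
    if '\x00' in value:
        return 'null byte'
    if '..' in value.replace('\\', '/').split('/'):
        return 'directory traversal'
    return None

def scan(lines):
    """Return (line_number, reason, wpPATH) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition('?')
        if not unquote(path).lower().endswith('/wordtube-button.php'):
            continue
        # parse_qs percent-decodes values, so encoded input is normalised.
        for value in parse_qs(query, keep_blank_values=True).get('wpPATH', []):
            reason = classify_wppath(value)
            if reason:
                hits.append((number, reason, value))
    return hits

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2007:10:00:01 +0000] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=/var/www/blog HTTP/1.1" 200 812',
    '198.51.100.7 - - [14/May/2007:10:02:13 +0000] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http%3A%2F%2Fhost.example.invalid%2Fpayload HTTP/1.1" 200 15',
    '198.51.100.7 - - [14/May/2007:10:02:40 +0000] "GET /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=..%2F..%2Fsomedir HTTP/1.0" 200 40',
    '203.0.113.5 - - [14/May/2007:10:05:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120',
]

if __name__ == '__main__':
    for number, reason, value in scan(SAMPLE_LOG):
        print(f'line {number}: {reason}: {value!r}')
```

A value that these rules do not flag is not proof of a benign request; on an install older than 1.44, any hit on wordtube-button.php carrying wpPATH is worth reviewing by hand.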

Jeffrey Barke is senior developer and information architect at theMechanism, a maxi-media firm in New York City and London.

Published by: jeffreybarke in The Programming Mechanism
