W3 total cache wordpress plugin reveals sensitive information
A security researcher is warning WordPress uses that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search.
malicious w3 total cache plugin : ehack
The researcher, Jason A. Donenfeld, who uses the handle “zx2c4” posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress users that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote.
W3 Total Cache is described as a “performance framework” that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com andsmashingmagazine.com, according to the WordPress web site.
Simply installing W3 Total Cache from within WordPress appears to leave potentially sensitive data exposed, Donenfeld discovered. Among other things, a cache directory listing feature is enabled on the cache directory, which stores cached content. That means “anyone could easily recursively download all the database cache keys and extract ones containing sensitive information, such as password hashes,” he wrote.
“A cache is something that is supposed to be read by web applications and not users,” Donenfeld told Security Ledger.
Sites with exposed cache directories are also discoverable using a simple Google search, Donenfeld said.
Even with directory listings off, cache files are still publicly downloadable by default with W3 Total Cache. Yes, a hacker (or snooper) would need to know the key values and file names of the cache items, but Donenfeld said both are “easily predictable.”
Donenfeld developed a proof-of-concept exploit for the hole that allows a would-be attacker to try to attempt to glean password hashes from blogs running W3 Total Cache using a brute force attack to guess possible W3 Total Cache keys using different user- and site ID combinations.
vulnerability in w3 total cache plugin
A quick search revealed a number of web sites that are running the W3 Total Cache plugin that have publicly accessible directories of cached content. They include Triton Submarines, a maker of manned submersibles and the Family Policy Network, a U.S. based conservative Christian group that says its mission is to confront “immorality” in the public square and educate Christians “on important moral issues in public and corporate policy.”
Still, Donenfeld said the security holes are probably better classified as “configuration errors” than vulnerabilities – enabling risky features by default, and giving users too few ways to securely configure the plug-in. In a subsequent post on Full Disclosure, he said that W3 Edge, the company that makes W3 Total Cache, plans an update to correct the issues he had identified.
In the meantime, W3 Total Cache users can remediate the vulnerability by disabling the “database cache” and “object cache” options, and flush any existing caches created with W3 Total Cache.
WordPress is a widely used blogging and content management platform. As a result, it is frequently the target of attacks designed to compromise a large number of web sites. Most recently, The SANS Institute warned of widespread and apparently automated attacks against both WordPress and the Joomla CMS that were being used by cyber criminals to direct unwitting web surfers to sites serving up rogue antivirus and other malicious software. And, last week, a Russian researcher warned of a large scale spam campaign that leveraged compromised WordPress blogs to promote sites controlled by spammers and their customers.
Original post at securityledger.com
Thanks for reading. hope it might helped you.
http://ehack.thegeoadventure.com/
Posted on December 29, 2012, in privacy, security and tagged database cache, vulnerability, w3 total cache, wordpress. Bookmark the permalink. 25 Comments.
okakash
pankaj
Ethical Hacking 
You designed some decent points there. I looked on the net for any dilemma and located most individuals goes along with together along with your internet site.
What’s Taking place i am new to this, I stumbled upon this I have discovered It positively useful and it has aided me out loads. I am hoping to give a contribution & aid other users like its aided me. Great job.
Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You definitely know what youre talking about, why throw away your intelligence on just posting videos to your weblog when you could be giving us something informative to read?
I’ve learned some new things from your blog post. Thank you
When I first saw this title W3 total cache wordpress plugin reveals sensitive information Ethical Hacking on google I just whent and bookmark it. Superb website you have here but I was curious about if you knew of any user discussion forums that cover the same topics discussed in this article? I’d really love to be a part of group where I can get feedback from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Thanks!
i bet everyone will read this post and certainly will like it.
I simply want to mention I’m new to blogging and definitely loved you’re web page. Almost certainly I’m planning to bookmark your blog . You amazingly have great stories. Thanks a bunch for sharing your webpage.
really a great post and valuable information.
excellent submit, very informative. I wonder why the other experts of this sector do not notice this. You must proceed your writing. I am sure, you’ve a great readers’ base already!
Your type is exclusive.
very nice post. good stuff.
This blog has a lot of really useful stuff on it. Thank you for sharing it with me.
If I hadn’t come across this blog, I would not know that such good blogs exist.
Excellent! Keep writing.
I like this post, enjoyed this one thankyou for putting up.
Hey there! I know this is kinda off topic however , I’d figured I’d ask. Would you be interested in exchanging links or maybe guest authoring a blog post or vice-versa? My website discusses a lot of the same topics as yours and I believe we could greatly benefit from each other. If you happen to be interested feel free to shoot me an e-mail. I look forward to hearing from you! Excellent blog by the way!
Amazing article, thanks, I will bookmark you soon.
If you dont mind, where do you host your site? I am searching for a good quality web host and your webpage seams to be quick and up almost all the time
Hello it’s me Fiona, I am also visiting this website regularly, this web site is really pleasant and the people are truly sharing good thoughts.
This blog site is really good! How can I make one like this !?
I can hardly believe how lucky I am that I visited such a well-written blog.
There are some attention-grabbing cut-off dates in this article however I don’t know if I see all of them center to heart. There’s some validity however I will take maintain opinion until I look into it further. Good article , thanks and we wish more! Added to FeedBurner as nicely
When are you going to post again? You really entertain a lot of people!
Due to this blog I deepened my knowledge.
Hi! I could have sworn I’ve been to this site before but after browsing through some of the post I realized it’s new to me. Anyways, I’m definitely happy I found it and I’ll be bookmarking and checking back frequently!