OSVDB ID: 86411

Title: Download Shortcode Plugin for WordPress wp-content/plugins/download-shortcode/force-download.php file parameter Traversal Arbitrary File Access

Info

Disclosure

Oct 13, 2012

Discovery

Unknown

Dates

Exploit

Oct 17, 2012

Solution

Oct 13, 2012

Description

Download Shortcode Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the wp-content/plugins/download-shortcode/force-download.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'file' parameter. This directory traversal attack would allow the attacker to gain access to arbitrary files.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Third-party Verified
OSVDB: Web Related

Solution

Upgrade to version 0.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Drew Jaynes

Download Shortcode Plugin for WordPress

0.1

References

Secunia Advisory ID: 50924
ISS X-Force ID: 79454
Vendor Specific Solution URL: http://plugins.trac.wordpress.org/changeset/611813/download-shortcode
Vendor Specific News/Changelog Entry: http://wordpress.org/extend/plugins/download-shortcode/changelog/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86411