• 26,769
  • +1,026
  • 3,010
WordPress Dump Exposure

WordPress Dump Exposure

Bookmark

Hello FD,

There appear to be multiple WordPress powered sites that are performing an DB->XML dumb of the articles and subsequent pages. The comments section includes originating IP address, datetime, E-Mail address, homepage, etc. These entities are traditionally not exposed to the anonymous Internet via WordPress. Since the XML dump is structured it’s quite easy to harvest this data.

More alarming is the volume of sites freely exposing this. I’m not certain of the root cause but perhaps it’s related to an upgrade procedure. Google is happily indexing and caching these dumps as it appears they’re created in the attachment system (URI ?attachment_id=\d+) with an HREF to the actual dump.

A simple Google search below will return a multitude of sites. Perhaps someone on the WordPress side can comment on this behavior?

 

Google Query – inurl:uploads ".xml_.txt" wordpress

 

Another tasty query seems to be harvest of the MySQL database backup:

 

Google Query – inurl:uploads ".sql.txt" wordpress

 

Finally, I don’t use WordPress so I really can’t comment on severity. At a minimum I believe this violates an implied level of privacy when commenting on articles powered by WordPress — the E-Mail address and IP information is exposed in these DB dumps.

Cheers,

John "Be Nice" Jacobs

 

From : http://packetstorm.codar.com.br/1105-advisories/wordpress-dumps.txt

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com