{"id":5527,"date":"2013-04-26T18:30:12","date_gmt":"2013-04-26T22:30:12","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=5527"},"modified":"2013-04-26T18:30:12","modified_gmt":"2013-04-26T22:30:12","slug":"update-wp-super-cache-and-w3tc-immediately","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/","title":{"rendered":"Update WP Super Cache and W3TC Immediately"},"content":{"rendered":"<p><strong>Remote Code Execution Vulnerability Disclosed<\/strong><\/p>\n<p>From <a href=\"http:\/\/blog.sucuri.net\/2013\/04\/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/blog.sucuri.net<\/a><\/p>\n<p>Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify as a very serious vulnerability \u2013 remote code execution (RCE), a.k.a., arbitrary code execution:<\/p>\n<p><!--more--><\/p>\n<p><em>\u2026arbitrary code execution is used to describe an attacker\u2019s ability to execute any commands of the attacker\u2019s choice on a target machine or in a target process. \u2013 Wikipedia<\/em><\/p>\n<p>It appears that a user by the name of kisscsaby first disclosed the issue a month ago via the WordPress forums. As of 5 days ago both plugin authors have pushed new versions of their plugins disabling the vulnerable functions by default. The real concern, however, is the seriousness of the vulnerability and the sheer volume of users between both plugins.<\/p>\n<p>There are a few posts, released within the past few hours, that do a great job of explaining what the issue was and what was being exploited. You can find some good after-action thoughts on Frank Goosens\u2019 blog and on Acunetix\u2019s blog as well.<\/p>\n
<p><strong>Why Such a Big Deal?<\/strong><\/p>\n<p>Between the two plugins they\u2019re looking at something close to 6 million downloads, granted not all current and some will be updates, but assuming even 25% are unique sites that\u2019s an impressive number for any plugin. The real issue comes in that it applies to any WordPress blog that has comments enabled.<\/p>\n<p>If you\u2019re using a third-party service, like Disqus, this won\u2019t affect you. A really simple way to test is to leave yourself a comment like this:<\/p>\n<p><code>&lt;!--mfunc echo PHP_VERSION; --&gt;&lt;!--\/mfunc--&gt;<\/code><\/p>\n<p>If it works, it\u2019ll show you something like this:<\/p>\n<p><code>5.2.17<\/code><\/p>\n<p>You can see that it\u2019s showing the version of my server\u2019s PHP install. No big deal, right? Wrong. This means I can pass any commands I want to your server and they\u2019ll execute, hence the term remote command execution (RCE).<\/p>\n<p>In this instance all I said was echo, or print out, the version of my PHP, which in and of itself is benign. Replace my echo with an eval and encode a payload and now it\u2019s a different ball game. Case in point, a backdoor shell, all while going via your comments and bypassing all other authentication controls.<\/p>\n<p>Again, not an issue to be taken lightly, this is a very serious vulnerability, further exacerbated by the fact that any user can exploit it. The easiest way to protect yourself is to upgrade. You can find the latest updates on the WordPress.org repository:<\/p>\n
<p><a href=\"http:\/\/wordpress.org\/extend\/plugins\/wp-super-cache\/\" target=\"_blank\" rel=\"noopener noreferrer\">WP Super Cache<\/a><br \/>\n<a href=\"http:\/\/wordpress.org\/extend\/plugins\/w3-total-cache\/\" target=\"_blank\" rel=\"noopener noreferrer\">W3 Total Cache (W3TC)<\/a><\/p>\n<p>Kudos to the plugin developers for acting quickly on the issue. Now it\u2019s your turn, end-users: update!<\/p>\n<p>p.s.<\/p>\n<p>quickfind (locates the plugin directories only, no version check):<\/p>\n<p><code>find . -type d -iname \"w3*\"<br \/>\nfind . -type d -iname \"wp-super-*\"<\/code><\/p>\n<p>bettafind (walks every cPanel-style account docroot and lists the installs still on a pre-fix version). Create w3-wpsc-find.sh with:<\/p>\n<p><code>#!\/bin\/bash<br \/>\n# Find outdated versions of W3 Total Cache \/ WP Super Cache under every<br \/>\n# \/home*\/ACCOUNT\/public_html docroot. Run as root; the summaries land in \/root.<br \/>\nset -u<br \/>\n<br \/>\n# Versions carrying the fix at the time of writing: WP Super Cache 1.3.2, W3 Total Cache 0.9.2.9<br \/>\nSC_FIXED='1\\.3\\.2'<br \/>\nTC_FIXED='0\\.9\\.2\\.9'<br \/>\n<br \/>\n# Private scratch files instead of fixed names in \/tmp: on a shared host a<br \/>\n# predictable \/tmp path that root writes to can be pre-created or symlinked<br \/>\n# by any local user.<br \/>\nSC_ALL=$(mktemp) || exit 1<br \/>\nTC_ALL=$(mktemp) || exit 1<br \/>\n<br \/>\necho '*******ALL wp-super-cache installs\/versions*******'<br \/>\n# GNU find substitutes {} inside an argument, so {}\/wp-cache.php is the plugin's main file<br \/>\nfind \/home*\/*\/public_html\/ -type d -name wp-super-cache -exec grep -H 'Version:' {}\/wp-cache.php \\; | tee \"$SC_ALL\"<br \/>\necho '*******ALL w3-total-cache installs\/versions*******'<br \/>\nfind \/home*\/*\/public_html\/ -type f -name w3-total-cache.php -exec grep -H 'Version:' {} \\; | tee \"$TC_ALL\"<br \/>\n<br \/>\n# Drop the installs already on the fixed version. Dots are escaped and the match<br \/>\n# anchored, so '1.3.2' neither matches '1x3x2' nor hides a '1.3.20'. Anything that<br \/>\n# is not exactly the fixed version is listed, so newer releases show up too: eyeball them.<br \/>\necho '*******Only outdated versions of super cache listed below:*******'<br \/>\ngrep -vE \"Version:[[:space:]]*${SC_FIXED}[[:space:]]*$\" \"$SC_ALL\" | tee \/root\/outdated-supercache<br \/>\necho '*******Only outdated versions of total cache listed below:*******'<br \/>\ngrep -vE \"Version:[[:space:]]*${TC_FIXED}[[:space:]]*$\" \"$TC_ALL\" | tee \/root\/outdated-totalcache<br \/>\n<br \/>\n# Clean up<br \/>\nrm -f \"$SC_ALL\" \"$TC_ALL\"<br \/>\n<br \/>\necho \"full lists of outdated installs are in \/root\/outdated-supercache and \/root\/outdated-totalcache\"<\/code><\/p>\n<p>run:<\/p>\n<p><code>chmod +x w3-wpsc-find.sh<br \/>\n.\/
w3-wpsc-find.sh<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remote Code Execution Vulnerability Disclosed From http:\/\/blog.sucuri.net Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability \u2013 remote code execution (RCE), a.k.a., arbitrary code execution:&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-5527","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head_json":{"title":"Update WP Super Cache and W3TC Immediately - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/","og_locale":"en_US","og_type":"article","og_title":"Update WP Super Cache and W3TC Immediately - Linux Shtuff","og_description":"Remote Code Execution Vulnerability Disclosed From http:\/\/blog.sucuri.net Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability \u2013 remote code execution (RCE), a.k.a., arbitrary code execution:... 
Read More","og_url":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2013-04-26T22:30:12+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Update WP Super Cache and W3TC Immediately","datePublished":"2013-04-26T22:30:12+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/"},"wordCount":472,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/","url":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/","name":"Update WP Super Cache and W3TC Immediately - Linux 
Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2013-04-26T22:30:12+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/update-wp-super-cache-and-w3tc-immediately\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Update WP Super Cache and W3TC Immediately"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. 
My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}}}
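The p.s. script above decides "outdated" with `grep -v` against one exact version string, which lists every newer release as outdated and would wrongly treat a hypothetical 1.3.20 as already fixed. The following is an added example, not code from the original post or from Sucuri: it parses the `Version:` header out of each plugin's main file and compares it against the fixed version with GNU `sort -V`, and it adds a small filter for the `<!--mfunc ... -->` markers the post uses as its proof of concept, so you can check whether someone already dropped a payload into your comments before you patched. Assumptions (all taken from the post, not verified here): the fixed versions are WP Super Cache 1.3.2 and W3 Total Cache 0.9.2.9, WP Super Cache's main file is `wp-super-cache/wp-cache.php`, W3 Total Cache's is `w3-total-cache.php`, and docroots live under `/home`.

```shell
#!/bin/bash
# Added example (not from the original post or from Sucuri): version-aware
# audit of WP Super Cache / W3 Total Cache installs, plus a filter that hunts
# comment text for mfunc markers. Needs GNU coreutils (sort -V).

SC_FIXED='1.3.2'     # WP Super Cache fixed version, as named in the post
TC_FIXED='0.9.2.9'   # W3 Total Cache fixed version, as named in the post

# Print the value of the "Version:" header of a WordPress plugin main file.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# True (exit 0) when dotted version $1 sorts strictly before $2, so
# version_lt 0.9.2.9 0.9.2.10 is true and version_lt 1.3.2 1.3.2 is false.
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Walk a directory tree (e.g. /home) and print one line per install found:
#   <plugin main file> <version> OUTDATED|ok|UNKNOWN
audit_cache_plugins() {
    local root=$1 f v fixed status
    find "$root" -type f \( -path '*/wp-super-cache/wp-cache.php' -o -name w3-total-cache.php \) 2>/dev/null |
    while IFS= read -r f; do
        v=$(plugin_version "$f")
        case $f in
            */wp-super-cache/wp-cache.php) fixed=$SC_FIXED ;;
            *)                             fixed=$TC_FIXED ;;
        esac
        if [ -z "$v" ]; then
            status=UNKNOWN            # no parsable header: inspect by hand
        elif version_lt "$v" "$fixed"; then
            status=OUTDATED
        else
            status=ok
        fi
        printf '%s %s %s\n' "$f" "${v:-?}" "$status"
    done
}

# Filter: keep only input lines carrying an mfunc open or close marker.
# Feed it one comment per line, for example (assuming the default wp_ prefix):
#   mysql -N -e 'SELECT comment_ID, comment_content FROM wp_comments' dbname | find_mfunc_comments
find_mfunc_comments() {
    grep -iE '<!--[[:space:]]*/?mfunc'
}

# Stand-alone run: audit /home, as the post's script does.
if [ "${1:-}" = "--run" ]; then
    audit_cache_plugins /home
fi
```

Run it as `./audit.sh --run` on the server, or source the file and pipe comment text through `find_mfunc_comments`. Every match is worth reading even after the upgrade: a comment that still contains `<!--mfunc` is either a left-over probe or a payload waiting for someone to re-enable dynamic caching.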