Search This Blog

W3 Total Cache vulnerability allows hacker to steal password and db info

Jason A. Donenfeld has discovered a Critical vulnerability in one of the famous word press plugin "W3 Total Cache", that allows hacker to compromise password and database info.

Jason A. Donenfeld has discovered a Critical vulnerability in one of the famous wordpress plugin "W3 Total Cache".  The plugin helps to improve the user experience of your site by improving your server performance, caching every aspect of your site.

The cache data is stored in public accessible directory, which means a malicious hacker can browse and download the password hashes and other database information.

A simple Google search for "inurl:wp-content/plugins/w3tc/dbcache" returns the list of word press affected by this vulnerability.

According to Jason, the cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable, even with directory listing off.

He also published a simple shell script to identify and exploit this bug:
http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh

Wordpress users are advised to either upgrade the plugin to new version or deny access to plugin directory by making an extra .htccess in that folder.
Share it:

Breaking News

IT Security News

Vulnerability

Web Application Vulnerability

Wordpress Vulnerability