[SECURITY FLAW] HTML code shows infrastructure specific data

Hackers look for various scraps of data to figure out the best attack vectors. One of the ways they do so is to examine the HTML source code especially for comments. W3 Total Cache aids in allowing attackers to understand what type of caching is taking place in order to eliminate futile attack vectors.

<!-- Performance optimized by W3 Total Cache. Learn more: http://www.w3-edge.com/wordpress-plugins/

Page Caching using disk: enhanced
Database Caching 2/10 queries in 0.002 seconds using disk
Object Caching 1524/1531 objects using disk

 Served from: example.com @ 2015-01-07 15:07:56 by W3 Total Cache -->

What does this information tell an attacker?

1. The website uses the W3 Total Cache plugin.
2. The plugin is configured to use page caching, and it does so through the enhanced disk caching feature. The attacker should enable that feature on their testing rig if they wish to keep their activities more stealth while they examine what security reprecussions this may have.
3. Database caching is turned on and the database contents is now stored on the same disk as the website is on. (Scary!) Now the attacker might be able to run arbitrary code somehow with echo file_get_contents() and they could gain access to any data that was once in the DB.
4. 2/10 queries were cached to the database. (See above.)
5. The caching ops took 0.002 seconds. A lengthy cache time could indicate a flaw in the server.
6. Object caching is turned on. (See above.)
7. 1524/1531 objects were cached. If the attacker examines the cache or poisons it, they could work their way through the system and perform a system takeover.
8. The server reports the date that the cache was created. It could indicate when the attacker’s tools are now part of the system so that they know when to proceed with the next stage of their attack. It could also be used for other things, such as gauging how long the cache is valid for.

Marketing helps to keep businesses going, so it’s perfectly understandable that you include your advertisement in the free version. It’s better that the ad is in the HTML source instead of placing banners and other stuff on the site in stead like other plugins may do.

Soliciting that the plugin exists on the system is still a security flaw, but it’s generally not such a problem, as attackers will try to aim their attacks more towards the core code of widely used projects such as WordPress, as they can always count on that code being present.

Higher profile sites are more susceptible to having their plugins known as the attacker will probably manually attack the site instead of using a bot to scan for vulnerable sites. In that case, a vulnerable plugin could give them leverage.

The other content, what’s being cached where, and for how long, should only be available to logged in administrators, not the end user. As an optimization system, you know that the less code, including comments, that the site sends to the browser, the smaller the file size.

Please make this change to enhance security and optimization. Thank you.

https://ww.wp.xz.cn/plugins/w3-total-cache/