• Resolved tamar

    (@tamar)


    Hey guys –

    I am using Virusdie to track vulnerabilities on my server right now and I found that in wp-content/plugins/backwpup/vendor/pear/archive_tar/Archive/ there is the following code snippet which is a vulnerability.

    Should I assume this file is safe to delete? I assume that’s why it’s in the archive? (Maybe it should be removed entirely, since it’s malicious?)

    Thanks!

        /**
         * Detect and report a malicious file name
         *
         * @param string $file
         *
         * @return bool
         */
        private function _maliciousFilename($file)
        {
            if (strpos($file, 'phar://') === 0) {
                return true;
            }
            if (strpos($file, '/../') !== false) {
                return true;
            }
            if (strpos($file, '../') === 0) {
                return true;
            }
            return false;
        }
    
Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi, for the moment, I have deleted the code:

        /**
         * Detect and report a malicious file name
         *
         * @param string $file
         *
         * @return bool
         */
        private function _maliciousFilename($file)
        {
            if (strpos($file, 'phar://') === 0) {
                return true;
            }
            if (strpos($file, '/../') !== false) {
                return true;
            }
            if (strpos($file, '../') === 0) {
                return true;
            }
            return false;
        }

    The infection is no longer reported and BackWPup continues to work with no apparent problems! Hope it helps.
    See you soon!
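The function quoted above is a guard, not malware: it refuses tar entry names that use the phar:// stream wrapper or path traversal before Archive_Tar writes them to disk, which is why the scanner's pattern match on it is a false positive and why deleting it weakens TAR extraction. The following is an added example, not code from BackWPup or PEAR Archive_Tar: the same three checks re-expressed in Python, a stricter variant (an assumption about what one would want, going beyond the PEAR logic to also refuse absolute paths, backslashes and any wrapper scheme), and a constructed in-memory tarball that shows which entry names each variant rejects.

```python
"""Tar entry-name vetting, modelled on Archive_Tar's _maliciousFilename().

Added example (not code from BackWPup or PEAR Archive_Tar): the PHP checks
quoted in this thread ported to Python, plus a stricter variant and a
constructed sample archive to show what each check rejects.
"""
import io
import posixpath
import tarfile


def malicious_filename_pear(name: str) -> bool:
    """Port of the PHP checks: phar:// prefix, '/../' inside, or leading '../'."""
    return name.startswith("phar://") or "/../" in name or name.startswith("../")


def malicious_filename_strict(name: str) -> bool:
    """Stricter variant (assumption, not PEAR's logic): refuse anything that
    could escape the extraction directory, not only the three PEAR patterns."""
    if name == "" or "://" in name or name.startswith("/") or "\\" in name:
        return True
    # Normalise first so 'backup/../../x' is judged by where it really lands.
    return ".." in posixpath.normpath(name).split("/")


def vet_archive(blob: bytes, check) -> dict:
    """Return {entry name: allowed?} for every member of an uncompressed tar blob."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
        return {m.name: not check(m.name) for m in tar.getmembers()}


def build_sample_tar() -> bytes:
    """Constructed sample archive: one benign entry and four hostile names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        for name in ("backup/wp-config.php", "../wp-config.php",
                     "backup/../../evil.php", "phar://x.phar/evil.php",
                     "/etc/passwd"):
            data = b"constructed"           # placeholder content, labelled as such
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for label, fn in (("pear", malicious_filename_pear),
                      ("strict", malicious_filename_strict)):
        print(label, vet_archive(build_sample_tar(), fn))
```

Note that the PEAR check as quoted lets an absolute name such as /etc/passwd through; the stricter variant refuses it, so a scanner rule that matches on these strings is flagging the protection itself rather than a threat.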

    Plugin Support Syde Niklas

    (@niklasinpsyde)

    Hi @tamar,

    We have updated the library for our next release.
    In the meantime you could remove the code as @em3designit mentioned, but TAR compression might not work properly as a result. If you archive your backups using PHP-zip, then you shouldn’t notice any issues.
    Our next update will fix this behavior then.

    Kind regards,
    Niklas

    I’m glad I was helpful.

    Thread Starter tamar

    (@tamar)

    Thank you!!!

    Thread Starter tamar

    (@tamar)

    Hey Niklas, any idea when you’re going to release an update to the plugin? It seems odd that it’s been a month and a half and this library still possesses a vulnerability.

    Plugin Support happyAnt

    (@duongcuong96)

    Hello @tamar
    Sorry about the issue. For now, I have created an updated version here:
    https://www.dropbox.com/s/p8mnrkjurmqe0pn/backwpup-3.8.1-80551ebf.zip?dl=0
    Please use this version instead.
    Thank you!

    Thread Starter tamar

    (@tamar)

    Thanks! Are you going to release it publicly soon?

    Plugin Support happyAnt

    (@duongcuong96)

    Hello @tamar
    We are working on a few other mirror improvements, so I don’t have an exact release date yet. But I think the changes will be released publicly soon ^^

    Thread Starter tamar

    (@tamar)

    Thanks!

  • The topic ‘Drupal.CVE.Core-2020-013 Vulnerability Exploit’ is closed to new replies.