More than a year ago, we reported a remote code execution bug to one of our fellow security researcher and trainer Mohamed Ramadan over at attack-secure.com
The website is based on Wordpress and it used the “w3-total-cache” plugin. Maybe you don’t remember anymore, but this plugin suffered a RCE bug (CVE-2013-2010) in all versions up to 0.9.2.8.
That issue allowed attackers to execute PHP code by posting a comment of the following format:
1
| |
The code’s output will be displayed in the comment section.
Mohamed replied after a full week and rewarded us with his “The basics of ethical hacking” online course.
Timeline:
- 23.09.2013: Initial report about the outdated plugin
- 01.10.2013: Fix and reward
We’d like to thank Mohamed for the fix and the reward.
PS: You can find their whitehat security page here
The team of Internetwache.org