EarthOnWire

  • Home
  • Blog
  • WordPress plugin Ninja-forms 2.9.6 Info Disclosure exploit

WordPress plugin Ninja-forms 2.9.6 Info Disclosure exploit

We just found a new medium/low risk vulnerability on the popular wordpress plugin Ninja-forms 2.9.6 (Information Disclosure)

We provide the information of the vulnerability, and ofcourse the mitigation of it (fix)


# Exploit Title: Wordpress plugin Ninja-Forms 2.9.6 Information Disclosure
# Google Dork: 
# Date: 11 March 2015
# Exploit Author: EarthOnWire.com
# Vendor Homepage: https://ninjaforms.com/
# Software Link: http://downloads.wordpress.org/plugin/ninja-forms.zip
# Version: Ninja-Forms 2.9.6 and below
# Tested on: 
# CVE : 

Vulnerability risk level: 2/5 (Medium)

Intruders can gain sensitive information about the full path of the installed Wordpress installation and/or php server installation.

Sample errors format:
Fatal error: Class 'NF_Step_Processing' not found in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/includes/admin/upgrades/convert-notifications.php on line 3
Fatal error: Call to undefined function _e() in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/includes/admin/pages/system-status-html.php on line 3
Fatal error: Call to undefined function add_action() in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/includes/fields/timed-submit.php on line 58
Fatal error: require_once(): Failed opening required 'ABSPATHwp-admin/includes/class-wp-list-table.php' (include_path='.:/usr/local/php53/lib:/usr/lib/php:/usr/local/lib/php') in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/classes/notifications-table.php on line 24
Warning: require_once(ABSPATHwp-admin/includes/class-wp-list-table.php): failed to open stream: No such file or directory in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/classes/notifications-table.php on line 24
Fatal error: require_once(): Failed opening required 'ABSPATHwp-admin/includes/class-wp-list-table.php' (include_path='.:/usr/local/php53/lib:/usr/lib/php:/usr/local/lib/php') in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/classes/notifications-table.php on line 24
Fatal error: Class 'WP_Widget' not found in /home/xxxx/public_html/xxxx/wp-content/plugins/ninja-forms/includes/widget.php on line 5

Vulnerable are almost all php files inside the /wp-content/plugins/ninja-forms/includes/ folder and subfolders, and also some php files inside /wp-content/plugins/ninja-forms/classes/
example:
/wp-content/plugins/ninja-forms/includes/admin/upgrades/convert-notifications.php
/wp-content/plugins/ninja-forms/includes/admin/upgrades/convert-forms.php
/wp-content/plugins/ninja-forms/includes/admin/pages/system-status-html.php
/wp-content/plugins/ninja-forms/includes/fields/timed-submit.php
wp-content/plugins/ninja-forms/includes/fields/textbox.php
/wp-content/plugins/ninja-forms/includes/fields/tax.php
/wp-content/plugins/ninja-forms/includes/fields/spam.php
/wp-content/plugins/ninja-forms/classes/download-all-subs.php
/wp-content/plugins/ninja-forms/classes/notifications-table.php


Mitigation
==========
put .htaccess with content: php_value error_reporting 0
inside /wp-content/plugins/ninja-forms/
OR
.htaccess with content: Order deny,allow
						Deny from all
inside:
	/wp-content/plugins/ninja-forms/includes
	/wp-content/plugins/ninja-forms/classes
OR
wait for an update :)

Tags: webapp,, security, , exploits,, wordpress,, wordpress,vulnerability,

x
Subscribe to Our Newsletter
Email *
First Name
Last Name