lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 11 Feb 2015 17:51:11 GMT
From: sn@....eu
To: bugtraq@...urityfocus.com
Subject: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting
 Vulnerability

============================================================
- Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
- Vulnerable Version: 2.8.8 and probably prior
 -Tested Version:2.8.8
 - Vendor Notification: 20 November 2014
 - Vendor Patch: 20 November 2014
 -Vulnerability Type: Cross-Site Scripting [CWE-79]
 -CVE Reference: TBC
- Discovered by: Sergio Navarro of Dionach
- - ============================================================

VULNERABILITY
Two XSS vulnerabilities have been discovered in Ninja Forms WordPress plugin which can be exploited against administrators of WordPress (with the vulnerable plugin) to perform Cross-Site Scripting
1)	Reflected XSS
The issue was found in the success notification message that the Ninja Forms plugin displays in users’ browser after users submit their details successfully through the plugin contact form. Anonymous attackers could use the vulnerability to take control of the victim’s browser or steal other users' sessions and so access their personal details.
Proof of concept:
POST http://www.example.com/wp-admin/admin-ajax.php?action=ninja_forms_ajax_submit 
[…]
ninja_forms_field_1=<b onmouseover=alert('XSS!')>TEST</b>
[…]

--------------------------------------------------------------------------------------------------------------------------------------
2)Stored XSS
This issue was exploited when administrator users with access to the Ninja Forms submissions list attempt to edit the user submitted values. A malicious administration can hijack other users’ session, take control of another administrator’s browser or install malware on their computer.
Proof of concept:
POST http://www.example.com/wp-admin/post.php 
fields[1]=<b+onmouseover=alert('XSS!')>TEST</b> 
-===========================================================================
SOLUTION:
Update to Ninja Forms 2.8.11 which includes a fix for this vulnerability 
-===========================================================================
Credits: Sergio Navarro of Dionach

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ