| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 14 Sep 2014 23:11:13 -0700 From: "Voxel@...ht" <voxelnight@...atioustendencies.com> To: <fulldisclosure@...lists.org> Subject: [FD] Wordfence v5.2.3 (Wordpress Security Plugin) - Multiple Vulnerabilities Wordfence v5.2.3 suffers from multiple vulnerabilities. Stored XSS in IPTraf.php resulting from failing to sanitize $_SERVER['REQUEST_URI'] Stored XSS in cached pages resulting from failing to sanitize $_SERVER['HTTP_HOST'] <-- Yep, you can put javascript in the host header Insufficient Logging - One can trivially avoid having your requests logged because of some crappy code designed to filter out some types of requests Throttle bypass - Unlogged requests won't trigger automatic throttling and banning Revolution Slider exploit protection bypass - people seriously need to learn how $_REQUEST works. Also, if you have a few bucks to buy a domain name, you can make the plugin tell the admin that your IP belongs to google when they try to ban you. Details can be found here: https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/ -Voxel@...ht _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists