| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <004601cc0929$c0b97330$0201a8c0@ml> Date: Tue, 3 May 2011 03:33:09 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk> Subject: Vulnerabilities in theme Magazeen для WordPress and Dotclear Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in theme Magazeen for WordPress and Dotclear. SecurityVulns ID: 11635. ------------------------- Affected products: ------------------------- Similarly to vulnerabilities in multiple themes for WordPress, Drupal, ExpressionEngine and Joomla, also theme Magazeen for WordPress and Dotclear is vulnerable. Just as earlier-mentioned themes for WordPress and other engines, similarly other themes for Dotclear can be vulnerable (at using of TimThumb). Vulnerable are versions of theme Magazeen (1.0 and next) for WP and DC with TimThumb 1.24 and previous versions. ---------- Details: ---------- Cross-Site Scripting (WASC-08), Full path disclosure (WASC-13), Abuse of Functionality (WASC-42) and Denial of Service (WASC-10) vulnerabilities are similar to those in earlier mentioned themes for WordPress, Drupal, ExpressionEngine and Joomla. Because these themes contain TimThumb, about vulnerabilities in which I wrote earlier (http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080258.html). For WordPress: XSS (WASC-08): http://site/wp-content/themes/magazeen/timthumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E For Dotclear: XSS (WASC-08): http://site/themes/magazeen%5Bdc2%5D/timthumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E Both versions of this theme are vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS. ------------ Timeline: ------------ 2011.02.08 - informed developer of TimThumb. 2011.02.13 - developer of TimThumb released version 1.25. 2011.04.30 - disclosed at my site about vulnerabilities in theme Magazeen. 2011.05.01 - informed both developers of theme Magazeen for WP and for DC (if they still haven't updated from 13th of February). I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/5120/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists