| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <005a01cd0ded$b7da4e00$0100a8c0@ml> Date: Thu, 29 Mar 2012 23:50:43 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk> Subject: New XSS vulnerabilities in Register Plus Redux for WordPress Hello list! I want to warn you new about security vulnerabilities in Register Plus Redux for WordPress. These are Cross-Site Scripting vulnerabilities. After finding and fixing of 36 vulnerabilities in plugin Register Plus Redux in the end of previous year, I've released my version of the plugin with fixed vulnerabilities of original plugin. And recently during security audit of web site, on which Register Plus Redux was using, I've found two new XSS vulnerabilities in this plugin (which also take place on forks of this plugin). ------------------------- Affected products: ------------------------- Affected functionality appeared in Register Plus Redux potentially from version 3.7.2. Vulnerable are original Register Plus Redux and all plugins based on it. Particularly vulnerable are Register Plus Redux 3.7.2 and next versions, my versions Register Plus Redux 3.8 - 3.8.3, Register Plus Redux Auto Login 3.8.1 and previous versions. At 25.03.2012 I've fixed these vulnerabilities in my version Register Plus Redux 3.8.4. ---------- Details: ---------- XSS (WASC-08): At page http://site/wp-login.php?action=register in parameters user_login and user_email. http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-1.html http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-2.html These vulnerabilities are concerned with variable-width-encoding (with using of this technique it's possible to bypass protection filters). These exploits are for IE6, for other browsers other characters need to be used (this attack is possible in old browsers). ------------ Timeline: ------------ 2012.03.25 - found these vulnerabilities in the plugin. 2012.03.25 - fixed these vulnerabilities in my version of the plugin (Register Plus Redux 3.8.4). 2012.03.26-27 - informed users of my plugin and supplied them with new version. 2012.03.27 - disclosed at my site. 2012.03.28 - informed developer of original plugin. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/5745/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists