| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <003001cd9bb0$9b888fe0$d299afa0$@gmail.com> Date: Wed, 26 Sep 2012 07:31:47 +0100 From: Scott Herbert <scott.a.herbert@...glemail.com> To: <full-disclosure@...ts.grok.org.uk> Subject: XSS vulnerability in wordpress plugin abc-test This effects version 0.1 of abc-test the hole is fixed in version 0.2 --------- Affected products: --------- Product : wordpress plugin abc-test Affected file: abctest_config.php ---- Details: ---- The file abctest_config.php does not sanitize the input from $_GET ['id'] effectively. This allows a user to launch a cross site scripting attack against this file. While the effectiveness of such an attack is somewhat limited by the wordpress platform adding \ to quotes, it still may be possible to inject cookie stealing objects (flash files for example). Example code: http://localhost/blog/wp-admin/admin.php?page=abctest&do=edit&id=%22%3E%3Ch1 %3EXSS%3C/h1 ------- Suggested fix: ------- Sanitize the $_GET super global. ---- Timeline: ---- 24-Sept-2012 Vendor and wordpress informed. 25-Sept-2012 Vendor confirmed the security issue and patched. 26-Sept-2012 Public release of the vulnerability, via the full disclosure and http://scott-herbert.com/blog/2012/09/26/xss-vulnerability-in-wordpress-plug in-abc-test-1107 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists