lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <00ee01cdff18$2efd1b90$9b7a6fd5@pc>
Date: Wed, 30 Jan 2013 20:31:57 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>,
	"1337 Exploit DataBase" <mr.inj3ct0r@...il.com>
Subject: Vulnerabilities in WordPress Attack Scanner for
	WordPress

Hello list!

I want to warn you about security vulnerabilities in WordPress Attack 
Scanner plugin for WordPress.

These are Information Leakage vulnerabilities. This is security plugin. In 
my 63 advisories about different vulnerabilities in WordPress plugins 
(http://websecurity.com.ua/3397/) I've wrote about security plugins many 
times. Previous time it was plugin Wordfence Security.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of WordPress Attack Scanner - both Free and Pro 
(commercial) versions of the plugin. Checked in WP-Attack-Scanner-Free 
0.9.5.beta.

----------
Details:
----------

Information Leakage (WASC-13):

http://site/wp-content/plugins/path/data.txt

http://site/wp-content/plugins/path/archive.txt

Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.

Unrestricted access to the data - they can be accessed in the browser 
without authorization. Even the data is encrypted, but by default the 
password is "changepassword". If the password was not changed, then the data 
is easily decrypting. If it was changed, then the password can be picked up.

------------
Timeline:
------------ 

2012.10.29 - announced at my site.
2012.11.03 - informed developers (at one e-mail).
2012.11.04 - informed developers (at another e-mail).
2013.01.29 - disclosed at my site (http://websecurity.com.ua/6120/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists