lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <82a62a5346e4f931ded282adad41c3fd@security.dxw.com>
Date: Mon, 12 Oct 2015 11:09:45 +0000
From: dxw Security <security@....com>
To: fulldisclosure@...lists.org
Subject: [FD] Full Path Disclosure vulnerability in JM Twitter Cards reveals
	the location of the WordPress installation on the server
	(WordPress plugin)

Details
================
Software: JM Twitter Cards
Version: 6.0
Homepage: https://wordpress.org/plugins/jm-twitter-cards
Advisory report: https://security.dxw.com/advisories/full-path-disclosure-vulnerability-in-jm-twitter-cards-reveals-the-location-of-the-wordpress-installation-on-the-server/
CVE: Awaiting assignment
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)

Description
================
Full Path Disclosure vulnerability in JM Twitter Cards reveals the location of the WordPress installation on the server

Vulnerability
================
This plugin contains a Full Path Disclosure vulnerability (CWE-200). This allows an attacker to discover the full path to the WordPress installation on the server, which they could use to assist in other attacks.
For this to happen, the site would have to have the ‘display_errors’ option set to true.

Proof of concept
================
Turn on display_errors
Request http://mydomain.com/wp-content/plugins/jm-twitter-cards/views/settings.php from a browser.
The following error message will be displayed:
Fatal error: Call to undefined function esc_html_e() in /path/to/installation/wp-content/plugins/jm-twitter-cards/views/settings.php on line 3

Mitigations
================
Upgrade to version 6.2 or later.
If this is not possible, ensure that display_errors is turned off on a site running this plugin.

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@....com to acknowledge this report if you received it via a third party (for example, plugins@...dpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report with 14 days.

Timeline
================
2015-07-29: Discovered
2015-07-30: Reported to vendor via contact form on http://www.tweetpress.fr/contact
2015-09-17: Vendor reported fixed
2015-10-12: Published
 


Discovered by dxw:
================
Duncan Stuart
Please visit security.dxw.com for more information.
          


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ