WordPress All In One WP Security 3.8.2 SQL Injection

30 settembre 2014 - Fonte: http://www.mondounix.com
Advisory ID: HTB23231
Product: All In One WP Security WordPress plugin
Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy 
Vulnerable Version(s): 3.8.2 and probably prior
Tested Version: 3.8.2
Advisory Publication:  September 3, 2014  [without technical details]
Vendor Notification: September 3, 2014 
Vendor Patch: September 12, 2014 
Public Disclosure: September 24, 2014 
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-6242
Risk Level: Medium 
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

Leggi il seguito »

WordPress All In One Security And Firewall 3.8.3 XSS

30 settembre 2014 - Fonte: http://www.mondounix.com
Document Title:
===============
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325
 
 
Release Date:
=============
2014-09-29
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1327
 
 
Common Vulnerability Scoring System:
====================================
3.3
 
 
Product & Service Introduction:
===============================
WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a 
security plugin that enforces a lot of good security practices. The All In One...

Leggi il seguito »

Sigil 0.8.0, cosa cambia

29 settembre 2014 - Fonte: http://antrodelnerd.blogspot.com/
Sigil, il programma per creare e modificare e-book in formato EPUB, è ancora vivo e, dopo quasi un anno di silenzio, finalmente ne abbiamo una nuova versione, la 0.8.0, per l’appunto. Non che ci siano stati grandi cambiamenti, almeno in superficie, ed è probabile che grandi cambiamenti non ci saranno neppure in un futuro prossimo, dato il ritmo con cui il suo sviluppo procede: al momento, Sigil è un programma sviluppato e mantenuto, di fatto, da una sola persona, il che non offre grandi prospettive di aggiornamenti rapidi. Ma vediamo cosa sia cambiato.Prima di tutto, è cambiato il sito da cui poter scaricare gratuitamente Sigil. Le nuove versioni, per Windows, GNU-Linux e Macintosh, sono scaricabili da GitHub, ...

Leggi il seguito »

Come mostrare il Like Box di Facebook con bordi e ombre.

27 settembre 2014 - Fonte: http://www.ideepercomputeredinternet.com/
In linea di massima per installare i plugin di Facebook nel nostro sito ci vuole una trafila non semplicissima che parte dalla creazione di una applicazione specifica fino all'inserimento nel template dei metatag e di uno script che fanno parte dello strumento denominato Open Graph
I plugin di Facebook però non sono tutti uguali. Mentre il modulo dei commenti...

Leggi il seguito »

WordPress WooCommerce Reflected XSS

19 settembre 2014 - Fonte: http://www.mondounix.com
Details
================
Software: WooCommerce - excelling eCommerce
Version: 2.1.12
Homepage: http://wordpress.org/plugins/woocommerce/
Advisory report: 
https://security.dxw.com/advisories/reflected-xss-in-woocommerce-excelling-ecommerce-allows-attackers-ability-to-do-almost-anything-an-admin-user-can-do/
CVE: Awaiting assignment
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)
 
Description
================
Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability to do almost anything an admin user can do
 
Vulnerability
================
An attacker able to convince a logged-in admin user to visit a link of their choosing (for instance via spearphishing) 
can execute arbitrary JavaScript within...

Leggi il seguito »

WordPress WP-Ban 1.62 Bypass

18 settembre 2014 - Fonte: http://www.mondounix.com
Details
================
Software: WP-Ban
Version: 1.62
Homepage: http://wordpress.org/plugins/wp-ban/
Advisory report: https://security.dxw.com/advisories/vulnerability-in-wp-ban-allows-visitors-to-bypass-the-ip-blacklist-in-some-configurations/
CVE: CVE-2014-6230
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)
 
Description
================
Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some configurations
 
Vulnerability
================
This plugin allows blacklisting users based on their IP address, however it takes the IP address from the X-Forwarded-For header if available.
Not all Web server configurations will strip or replace X-Forwarded-For headers – in which case the IP ban can be bypassed...

Leggi il seguito »

HttpFileServer 2.3.x Remote Command Execution

16 settembre 2014 - Fonte: http://www.mondounix.com
ffected software: http://sourceforge.net/projects/hfs/
Version : 2.3x
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 11-09-2014
# Remote: Yes
# Exploit Author: Daniele Linguaglossa
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
 
issue exists due to a poor regex in the file ParserLib.pas
 
 
function findMacroMarker(s:string; ofs:integer=1):integer;
begin result:=reMatch(s, '\{[.:]|[.:]\}|\|', 'm!', ofs) end;
 
 
it will not handle null byte so a request to
 
http://localhost:80/search=%00{.exec|cmd.}
 
will...

Leggi il seguito »

WordPress Photo Album Plus 5.4.4 Cross Site Scripting

15 settembre 2014 - Fonte: http://www.mondounix.com
WP Photo Album Plus Security Vulnerabilities
 
Author: Milhouse 
Download: https://wordpress.org/plugins/wp-photo-album-plus/
Home Page: http://wppa.opajaap.nl/
Google dork: inurl:wp-content/plugins/wp-photo-album-plus
 
Set up:
Wordpress Version: 3.9.1, 3.9.2
WP Photo Album Plus version: 5.4.4, 5.4.3
Client browsers: FireFox 31, Internet Explorer 8-11
 
Issue number 1: A Cross-Site Scripting (reflective) vulnerability.
Details:
The plugin echoes the value of  the http header “User-Agent” back to the client browser. Allowing un-sanitized java script to be inserted. 
 
Severity: Low
 
Proof of Concept (POC):
Request:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent:...

Leggi il seguito »

WordPress Plugin Vulnerability Dump – Part 2

10 settembre 2014 - Fonte: http://www.mondounix.com
More vulnerabilities in poorly coded plugins for y'all.
 
Ninja Forms v2.77 - Authorization bypass (regular users can delete forms, etc)
Contact Form v3.83 - Email header injection
WP to Twitter v2.9.3 - Authorization bypass (regular users can tweet to the admin's twitter account)
Xhanch - My Twitter v2.7.7 - CSRF (create and delete tweets)
TinyMCE Advanced v4.1 - (insignificant) CSRF
W3 Total Cache v0.9.4 - (minor) CSRF
WordPress Download Manager v2.6.92 - Authorization bypass (regular users can upload/delete arbitrary files, yes, even 
php files)
Wordfence Security v5.2.2 - Stored XSS
 
Details and POCs located: https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/
 
More to follow.
 
-Voxel...

Leggi il seguito »