WordPress ADPlugg 1.1.33 Cross Site Scripting

26 febbraio 2015 - Fonte: http://www.mondounix.com
=====================================================
Stored XSS Vulnerability in ADPlugg  Wordpress Plugin 
=====================================================
 
. contents:: Table Of Content
 
Overview
========
 
* Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/adplugg/
* Severity: Medium
* Version Affected: 1.1.33 and mostly prior to it
* Version Tested : 1.1.33
* version patched: 1.1.34
 
Description 
===========
 
Vulnerable Parameter  
--------------------
 
*  Access Code
 
About Vulnerability
-------------------
This plugin is vulnerable to a Stored cross site scripting vulnerability,This...

Leggi il seguito »

WordPress WooCommerce 2.2.10 Cross Site Scripting

26 febbraio 2015 - Fonte: http://www.mondounix.com
====================================================
Product: WooCommerce WordPress plugin
Vendor: WooThemes
Tested Version: 2.2.10
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solved in version 2.2.11
Discovered and Provided: Eric Flokstra - ITsec Security Services
====================================================
[-] About the Vendor:
 
WooCommerce is a popular open source WordPress e-commerce plugin with 
around 6.2 million downloads.It is built by WooThemes and designed for 
small to large-sized online merchants.
 
[-] Advisory Details:
 
The WooCommerce plugin gives users the ability to see their stores 
performance...

Leggi il seguito »

Juli Man-In-The-Middle Script

25 febbraio 2015 - Fonte: http://www.mondounix.com
#!usr/bin/perl
use Term::ANSIColor;
############################################################################
print "**************************************************************\n";  #
print "+ -==                        JULI                        ==- +\n";  #
print "+ -==          Man-in-the-middle  Attack Script          ==- +\n";  #
print "+ -== By em616 , em(at)em616.com , http://blog.em616.com ==- +\n";  #
print "**************************************************************\n";  #
############################################################################
 
# Cleaning stuff
system "killall -9 sslstrip arpspoof:";
system "echo '0' > /proc/sys/net/ipv4/ip_forward";
system...

Leggi il seguito »

Comcast si “ispira” ad Apple per mettere in risalto il design di un telecomando per TV

18 febbraio 2015 - Fonte: http://www.italgeek.com

La famosa frase che mette in risalto il design Apple, “Designed by Apple in California” ora ispira anche altri produttori, come ad esempio Comcast.

image

Uno dei particolari più interessanti legati al design dei prodotti Apple è sicuramente la frase presente su ogni dispositivo (Designed by Apple in California). Certo, una frase che vuole farsi notare e che vuole enfatizzare la “purezza” del design “made in Cupertino”. In ogni caso ormai...

Leggi il seguito »

WordPress Google Doc Embedder 2.5.18 Cross Site Scripting

18 febbraio 2015 - Fonte: http://www.mondounix.com
Title: WordPress 'Google Doc Embedder' plugin - XSS
Version: 2.5.18
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/google-document-embedder/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Lets you embed PDF, MS Office, and many other file types in a web page using the free Google Docs Viewer (no Flash or PDF browser plug-ins required). 
 
 
## XSS:
==========================================================
By tricking a logged in admin into visiting a crafted page, it is possible to perform an XSS attack through the 'profile' parameter.
 
PoC:
Log...

Leggi il seguito »

WordPress Spider Facebook 1.0.10 Cross Site Scripting

18 febbraio 2015 - Fonte: http://www.mondounix.com
Title: WordPress 'WordPress Facebook' plugin - XSS
Version: 1.0.10
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/spider-facebook/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Spider Facebook is a WordPress integration tool for Facebook.It includes all the available Facebook social plugins and widgets to be added to your web
 
## XSS:
==========================================================
Some parameters are shown unsanitized, making XSS possible.
 
PoC:
Log in as admin an submit one of the following forms:
<form method="POST"...

Leggi il seguito »

WordPress Redirection Page 1.2 CSRF / XSS

18 febbraio 2015 - Fonte: http://www.mondounix.com
Title: WordPress 'Redirection Page' CSRF/XSS
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015-01-26
Download: https://wordpress.org/plugins/redirection-page/
Contacted WordPress: 2015-01-26
==========================================================
 
## Plugin description: 
==========================================================
Redirect your specified pages, it is usefull when you have 404/not-found pages. Go to Settings Page to start redirection. 
 
## CSRF:
==========================================================
It is possible to change the plugins redirect settings by tricking a logged in admin to visit a crafted page. 
 
 
## Stored XSS:
==========================================================
Redirect...

Leggi il seguito »

WordPress Cross Slide 2.0.5 Cross Site Request Forgery / Cross Site Scripting

18 febbraio 2015 - Fonte: http://www.mondounix.com
Title: WordPress 'Cross Slide' plugin - XSS/CSRF
Version: 2.0.5
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/crossslide-jquery-plugin-for-wordpress/
Contacted WordPress: 2015/01/26
==========================================================
 
## Plugin description: 
==========================================================
The CrossSlide jQuery plugin for WordPress is designed to quickly add the JS and CSS requirements to operate the jQuery slideshow. 
 
## CSRF:
==========================================================
It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page. 
 
 
## Stored XSS:
==========================================================
Settings...

Leggi il seguito »

WordPress Mobile Domain 1.5.2 Cross Site Request Forgery / Cross Site Scripting

18 febbraio 2015 - Fonte: http://www.mondounix.com
Title: WordPress 'Mobile Domain' CSRF/XSS
Version: 1.5.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/mobile-domain/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Redirect WordPress blog from desktop domain to mobile subdomain and create Mobile XML Sitemap. 
 
## CSRF:
==========================================================
It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page. 
 
 
## Stored XSS:
==========================================================
Settings data...

Leggi il seguito »

WordPress WPLMS 1.8.4.1 Privilege Escalation

18 febbraio 2015 - Fonte: http://www.mondounix.com
------------------------------------------------------------------------------
WordPress WPLMS Theme Previlege Escalation
------------------------------------------------------------------------------
 
[-] Author: Evex
 
http://packetstormsecurity.com/user/evex/
twitter: https://twitter.com/Evexola
 
[-] Theme Link:
 
http://themeforest.net/item/wplms-learning-management-system/6780226
 
[-] Affected Version:
 
Version 1.8.4.1
 
[-] Vulnerability Description:
 
The vulnerable code is located in the /includes/func.php
script:
 
add_action( 'wp_ajax_import_data', 'import_data' );
function import_data(){
  $name = stripslashes($_POST['name']);
  $code = base64_decode(trim($_POST['code']));
...

Leggi il seguito »