WordPress Add Link to Facebook Stored Cross Site Scripting

23 April 2015 - Source: http://www.mondounix.com
Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin
 
Author: Rohit Kumar
 
Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/
 
Severity: Medium
 
Version Affected: Version 1.215 and mostly prior to it.
 
Version Tested: Version 1.215
 
Version Patched : 1.215
 
Description:
 
Vulnerable Parameter
1. App ID
2. App Secret
3. Custom Picture URL
4. Default Picture URL
5. URL News Feed Icon
 
About Vulnerability
This plugin is vulnerable to a Stored Cross Site Scripting vulnerability. This issue was exploited when a user
accessed the “Add Link to Facebook” Settings in WordPress with Administrator privileges. A malicious
administrator can hijack...

WordPress WP Statistics 9.1.2 Cross Site Scripting

22 April 2015 - Source: http://www.mondounix.com
===========================================================
Stored XSS Vulnerability in WP Statistics  Wordpress Plugin 
===========================================================
 
. contents:: Table Of Content
 
Overview
========
 
* Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/wp-statistics/
* Severity: Medium
* Version Affected: 9.1.2 and mostly prior to it
* Version Tested : 9.1.2
* version patched: 9.1.3
 
Description 
===========
 
Vulnerable Parameter  
--------------------
 
*  Check for online users every:
*  Coefficient per visitor:
 
 
About Vulnerability
-------------------
This...

WordPress MiwoFTP 1.0.5 CSRF Command Execution

22 April 2015 - Source: http://www.mondounix.com
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)
 
 
Vendor: Miwisoft LLC
Product web page: http://www.miwisoft.com
Affected version: 1.0.5
 
Summary: MiwoFTP is a smart, fast and lightweight file manager
plugin that operates from the back-end of WordPress.
 
Desc: MiwoFTP WP Plugin suffers from a cross-site request forgery
remote code execution vulnerability. The application allows users
to perform certain actions via HTTP requests without performing any
validity checks to verify the requests. This can be exploited to
perform certain actions like executing arbitrary PHP code by uploading
a malicious PHP script file, with administrative privileges, if a
logged-in user visits a malicious...

WordPress MiwoFTP 1.0.5 Cross Site Request Forgery

22 April 2015 - Source: http://www.mondounix.com
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit
 
 
Vendor: Miwisoft LLC
Product web page: http://www.miwisoft.com
Affected version: 1.0.5
 
Summary: MiwoFTP is a smart, fast and lightweight file manager
plugin that operates from the back-end of WordPress.
 
Desc: Input passed to the 'selitems[]' parameter is not properly
sanitised before being used to delete files. This can be exploited
to delete files with the permissions of the web server using directory
traversal sequences passed within the affected POST parameter.
 
Tested on: Apache 2.4.10 (Win32)
           PHP 5.6.3
           MySQL 5.6.21
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                  ...

WordPress Duplicator 0.5.14 Cross Site Request Forgery / SQL Injection

16 April 2015 - Source: http://www.mondounix.com
######################
 
# Exploit Title : Wordpress Duplicator <= 0.5.14 - SQL Injection & CSRF
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://lifeinthegrid.com/labs/duplicator/
 
# Software Link : https://downloads.wordpress.org/plugin/duplicator.0.5.14.zip
 
# Date : 2015-04-08
 
# Tested on : Linux / Mozilla Firefox         
 
######################
 
# Description
 
 Wordpress Duplicator 0.5.14 suffers from remote SQL Injection Vulnerability
 
 
 Location file: /view/actions.php
 
 This is the bugged ajax function wp_ajax_duplicator_package_delete:
 
 function duplicator_package_delete() {
 
  DUP_Util::CheckPermissions('export');
 
...

WordPress Shareaholic 7.6.0.3 Cross Site Scripting

8 April 2015 - Source: http://www.mondounix.com
# Exploit Title: Shareaholic 7.6.0.3 XSS
# Date: 10-11-2014
# Software Link: https://wordpress.org/plugins/shareaholic/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# CVE: CVE-2014-9311
# Category: webapps
 
1. Description
 
ShareaholicAdmin::add_location is accessible for every registered user.
 
File: shareaholic\shareaholic.php
 
add_action('wp_ajax_shareaholic_add_location',  array('ShareaholicAdmin', 'add_location'));
 
 
$_POST['location'] is not escaped.
 
File: shareaholic\admin.php
 
public static function add_location() {
  $location = $_POST['location'];
  $app_name = $location['app_name'];
  ShareaholicUtilities::update_options(array(
...

pfSense Arbitrary file deletion and multiple XSS

31 March 2015 - Source: http://www.mondounix.com
Advisory ID: HTB23251
Product: pfSense
Vendor: Electric Sheep Fencing LLC 
Vulnerable Version(s): 2.2 and probably prior
Tested Version: 2.2
Advisory Publication:  March 4, 2015  [without technical details]
Vendor Notification: March 4, 2015 
Vendor Patch: March 5, 2015 
Public Disclosure: March 25, 2015 
Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
CVE References: CVE-2015-2294, CVE-2015-2295
Risk Level: Medium 
CVSSv2 Base Scores: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N), 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...

WordPress AB Google Map Travel CSRF / XSS

30 March 2015 - Source: http://www.mondounix.com
===============================================================================
CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin 
===============================================================================
 
. contents:: Table Of Content
 
Overview
========
 
* Title :Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/ab-google-map-travel/
* Severity: HIGH
* Version Affected: Version 3.4  and mostly prior to it
* Version Tested : Version  3.4
* version patched: 
 
Description 
===========
 
Vulnerable Parameter  
--------------------
 
* Latitude:
* Longitude:
*...

WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

14 March 2015 - Source: http://www.mondounix.com
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security
Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id
Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*
v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]

*Advisory Details:*

*(1) Vendor & Product...

WordPress Pie Register 2.0.14 Cross Site Scripting

12 March 2015 - Source: http://www.mondounix.com
[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 09/03/2015
[+]Type:WebApp
[+]Risk:High
[+]Affected Version:All
[+]Overview:
Pie Register 2.x suffers from an XSS vulnerability.
 
[+]Proof Of Concept:
 
[PHP]
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");
 
if(isset($_POST['notice']) && $_POST['notice'] ){
  echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
  echo '<div id="error" class="error fade"><p><strong>'...
