WordPress, new XSS vulnerability

24 November 2014 - Source: http://www.outofbit.it

XSS vulnerabilities have always been the stigma of WordPress, which despite continuous and repeated updates constantly runs into this type of bug. Here is how to deal with it.


WordPress and XSS: the odd couple

No stranger to this kind of setback, WordPress has once again run into one of the dreaded...


Supr Shopsystem 5.1.0 Cross Site Scripting

23 November 2014 - Source: http://www.mondounix.com
Document Title:
===============
Supr Shopsystem v5.1.0 - Persistent UI Vulnerability
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1353
 
 
Release Date:
=============
2014-11-07
 
 
Vulnerability Laboratory ID (VL-ID):
====================================
1353
 
 
Common Vulnerability Scoring System:
====================================
3.1
 
 
Product & Service Introduction:
===============================
SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. 
Without installation and own webspace you can begin to create products and content right after...


WordPress 3.9.2 Cross Site Scripting

21 November 2014 - Source: http://www.mondounix.com
 
OVERVIEW
========
 
A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default.
 
The JavaScript injected into a comment is executed when the target user views it, either on a blog post, a page, or in the Comments section of the administrative Dashboard.
 
In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue. The exploit is not then visible to normal users, search engines, etc.
 
When a blog administrator goes to the Dashboard/Comments section to review new comments,...


Joomla Simple Email Form 1.8.5 Cross Site Scripting

20 November 2014 - Source: http://www.mondounix.com
Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication:  October 29, 2014  [without technical details]
Vendor Notification: October 29, 2014 
Public Disclosure: November 19, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech...


Pandora FMS 5.1SP1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
I. VULNERABILITY
 
-------------------------
 
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031
 
II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has a
 
III. DESCRIPTION
-------------------------
A Reflected XSS vulnerability has been detected in Pandora FMS in page visualization agents, that allows arbitrary HTML/script code to be executed in the context of the victim user's browser.
 
The code injection is done through the parameter "refr" in the page “/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=”
 
IV....


Openkm Document Management System 6.4.17 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
Openkm Document Management System Suffers From Cross Site Scripting Attack
 
http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg
 
Version <=6.4.17
Software Test http://demo.openkm.com/OpenKM/login.jsp
Author : Khalil Shreateh <https://www.facebook.com/khalil.shr>
 
Author Website: http://khalil-shreateh.com
Status : Reported .
Report Link : http://issues.openkm.com/view.php?id=3056
 
Attack Description
 
log in with any user
Navigate to :
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E
 
 
 
POC...


Nibbleblog 4.0.1 Cross Site Scripting

18 November 2014 - Source: http://www.mondounix.com
=============================================
MGC ALERT 2014-002
- Original release date: March 5, 2014
- Last revised:  November 17, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================
 
I. VULNERABILITY
-------------------------
Reflected XSS in Nibbleblog <= v4.0.1
 
II. BACKGROUND
-------------------------
Nibbleblog is a powerful engine for creating blogs, all you need is PHP to
work.
 
III. DESCRIPTION
-------------------------
A reflected XSS vulnerability has been detected in Nibbleblog, that allows
arbitrary HTML/script code to be executed in the context
of the victim user's browser.
 
The code injection...


WordPress SupportEzzy Ticket System 1.2.5 Cross Site Scripting

14 November 2014 - Source: http://www.mondounix.com
# Exploit Title: SupportEzzy Ticket System - WordPress Plugin Stored XSS Vulnerability
# Date: 12-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.2.5
# Vendor Homepage: http://codecanyon.net/item/supportezzy-ticket-system-wordpress-plugin/8908617
# Software Test Link: http://demo.cssjockey.com/cjsupport/supportezzy/
# Tested on: Iceweasel and Chrome
 
# Vulnerabilities Description:
 
===Stored XSS===
Register and login to system and then submit new ticket. "URL (optional)"
input is not secure. You can run XSS payloads, use sample payload to test.
 
Sample Payload for Stored XSS: http://example.com
"><script>alert(document.cookie);</script>
 
===Solution===
Filter the input...


Vulnerability found in the new Panorama.it site

13 November 2014 - Source: http://www.fabionatalucci.it
I often follow the news on Panorama; a few days ago I noticed that they updated the site with a new design and the use of WordPress. A move I would call risky: WordPress, if not...


WordPress Classifieds Cross Site Scripting – SQL Injection

10 November 2014 - Source: http://www.mondounix.com
Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting  
Author: dill 
download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/Client 
Webpage: http://awpcp.com/
 
Issue number 1: Cross-site scripting (reflective) 
 
Details: 
An arbitrarily supplied URL parameter is copied into the value of an HTML tag attribute and then encapsulated in double quotation marks. This is then echoed in the application's response. 
 
Proof-of-Concept (PoC): 
http://vulnerable.server/?page_id=16587&step=send-access-key&a40f8%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E76975=1
 
Issue number 2: SQL injection
Details:
The parameter “keywordphrase” is susceptible to a...
