WordPress Daily Edition Theme 1.6.2 Cross Site Scripting

14 March 2015 - Source: http://www.mondounix.com
*WordPress Daily Edition Theme v1.6.2 XSS (Cross-site Scripting) Security Vulnerabilities*

Exploit Title: WordPress Daily Edition Theme /fiche-disque.php id Parameters XSS Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.*   v1.5.*   v1.4.*   v1.3.*   v1.2.*   v1.1.*   v.1.0.*
Tested Version: v1.6.2
Advisory Publication: March 10, 2015
Latest Update: March 10, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

*Advisory Details:*

*(1) Vendor & Product...


WordPress Pie Register 2.0.14 Cross Site Scripting

12 March 2015 - Source: http://www.mondounix.com
[+]Title: Wordpress Pie Register Plugin 2.0.14 - XSS Vulnerability
[+]Author: TUNISIAN CYBER
[+]Date: 09/03/2015
[+]Type:WebApp
[+]Risk:High
[+]Affected Version:All
[+]Overview:
Pie Register 2.x suffers from an XSS vulnerability.
 
[+]Proof Of Concept:
 
[PHP]
global $piereg_dir_path;
include_once( PIEREG_DIR_NAME."/classes/invitation_code_pagination.php");
 
if(isset($_POST['notice']) && $_POST['notice'] ){
  echo '<div id="message" class="updated fade"><p><strong>' . $_POST['notice'] . '.</strong></p></div>';
}elseif(isset($_POST['error']) && $_POST['error'] ){
  echo '<div id="error" class="error fade"><p><strong>'...


WordPress Plugin Google Analytics by Yoast Stored XSS

9 March 2015 - Source: http://www.mondounix.com
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
 
 
Overview
 
Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Author: Kaustubh G. Padwad, Rohit Kumar.
Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/
Severity: Medium
Version Affected: Version 5.3.2 and mostly prior to it
Version Tested : Version 5.3.2
version patched:
Description
 
Vulnerable Parameter
 
Current UA-Profile
Manually enter your UA code
Label for those links
Set path for internal links to track as outbound links:
Subdomain tracking:
Extensions of files to track as downloads:
About Vulnerability
 
This plugin is vulnerable to...


ocPortal 9.0.16 Multiply XSS Vulnerabilities

9 March 2015 - Source: http://www.mondounix.com
# Exploit Title: ocPortal 9.0.16 Multiply XSS Vulnerabilities
# Google Dork: "Copyright (c) ocPortal 2011 "
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://ocportal.com/
# Vendor contacted: 22-2-2015
# Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm
# Version: 9.0.16
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64
 
ocPortal ->
Version:                9.0.16
Type:                   XSS
Severity:               Critical
Info Exploit:           There are MANY possibilities to execute XSS on the new released ocPortal.
 
All XSS attacks are done by a new registered user, so no extra rights are given. It's all standard.
 
#######################################################
Events/Calendar,...


Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting

6 March 2015 - Source: http://www.mondounix.com
= Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability =
 
-----------------------------------------------------------------------
Vendor Homepage : http://www.myupb.com
Software Link   : http://downloads.sourceforge.net/project/textmb/UPB/UPB%202.2.7/upb2.2.7.zip
Version         : 2.2.7
-----------------------------------------------------------------------
 
################
  Descriptions
################
 
myUPB is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
 
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the 
context of the affected site. 
This may allow the attacker...


WordPress Media Cleaner 2.2.6 Cross Site Scripting

5 March 2015 - Source: http://www.mondounix.com
# Exploit Title: Wordpress Media Cleaner - XSS
# Author: İsmail SAYGILI
# Web Site: www.ismailsaygili.com.tr
# E-Mail: iletisim@ismailsaygili.com.tr
# Date: 2015-02-26
# Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip
# Version: 2.2.6
 
 
# Vulnerable File(s):
                [+] wp-media-cleaner.php
 
# Vulnerable Code(s):
        [+] 647. Line
          $view = isset ( $_GET[ 'view' ] ) ? $_GET[ 'view' ] : "issues";
        [+] 648. Line
          $paged = isset ( $_GET[ 'paged' ] ) ? $_GET[ 'paged' ] : 1;
        [+] 653. Line
          $s = isset ( $_GET[ 's' ] ) ? $_GET[ 's' ] : null;
 
# Request Method(s):
                [+] GET
 
# Vulnerable Parameter(s):
                [+] view, paged, s
 
 
 
#...


Cross Site Tracer Script

5 March 2015 - Source: http://www.mondounix.com
#!/usr/bin/python
# Cross-Site Tracer by 1N3 v20150224
# https://crowdshield.com
#
# ABOUT: A quick and easy script to check remote web servers for Cross-Site Tracing. For more robust mass scanning, create a list of domains or IP addresses to iterate through by running 'for a in `cat targets.txt`; do ./xsstracer.py $a 80; done;'
#
# USAGE: xsstracer.py <IP/host> <port>
#
 
import socket
import time
import sys, getopt
 
class bcolors:
    HEADER = '\033[95m'
    OKBLUE = '\033[94m'
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'
    UNDERLINE = '\033[4m'
 
def main(argv):
  argc = len(argv)
 
  if argc <= 2:
    print bcolors.OKBLUE...


WordPress ADPlugg 1.1.33 Cross Site Scripting

26 February 2015 - Source: http://www.mondounix.com
=====================================================
Stored XSS Vulnerability in ADPlugg  Wordpress Plugin 
=====================================================
 
 
Overview
========
 
* Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin 
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/adplugg/
* Severity: Medium
* Version Affected: 1.1.33 and mostly prior to it
* Version Tested : 1.1.33
* version patched: 1.1.34
 
Description 
===========
 
Vulnerable Parameter  
--------------------
 
*  Access Code
 
About Vulnerability
-------------------
This plugin is vulnerable to a Stored cross site scripting vulnerability. This...


WordPress WooCommerce 2.2.10 Cross Site Scripting

26 February 2015 - Source: http://www.mondounix.com
====================================================
Product: WooCommerce WordPress plugin
Vendor: WooThemes
Tested Version: 2.2.10
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solved in version 2.2.11
Discovered and Provided: Eric Flokstra - ITsec Security Services
====================================================
[-] About the Vendor:
 
WooCommerce is a popular open source WordPress e-commerce plugin with 
around 6.2 million downloads. It is built by WooThemes and designed for 
small to large-sized online merchants.
 
[-] Advisory Details:
 
The WooCommerce plugin gives users the ability to see their stores 
performance...


WordPress Google Doc Embedder 2.5.18 Cross Site Scripting

18 February 2015 - Source: http://www.mondounix.com
Title: WordPress 'Google Doc Embedder' plugin - XSS
Version: 2.5.18
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/google-document-embedder/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Lets you embed PDF, MS Office, and many other file types in a web page using the free Google Docs Viewer (no Flash or PDF browser plug-ins required). 
 
 
## XSS:
==========================================================
By tricking a logged in admin into visiting a crafted page, it is possible to perform an XSS attack through the 'profile' parameter.
 
PoC:
Log...
