
Re: [Full-disclosure] Vulnerabilities in Mimbo Pro theme for WordPress



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
    <title></title>
  </head>
  <body bgcolor="#ffffff" text="#000000">
    /italian/<br>
    hey, enough with these shitty advisories.<br>
    you're a pain in the ass, mustlive.<br>
    don't you feel like a noob using acunetix and reporting the
    vulnerabilities?<br>
    and always about the same stuff, christ...<br>
    don't make me add an anti-spam rule for your shitty
    address.<br>
    what the hell (banfi)<br>
    /italian/<br>
    <br>
    antisnatchor<br>
    <br>
    <blockquote style="border: 0px none;"
      cite="mid:002401cbfad4$069e75d0$0201a8c0@ml" type="cite">
      <div style="margin-left: 40px;">
        <hr style="border-width: 1px 0pt 0pt; border-style: dotted none
          none; border-color: rgb(181, 181, 181) -moz-use-text-color
          -moz-use-text-color; height: 1px; margin: 0pt;"
          class="__pbConvHr"><br>
      </div>
      <table style="padding-top: 5px;" class="__pbConvTable">
        <tbody>
          <tr>
            <td style="padding-left: 5px;" valign="top"><a
                moz-do-not-send="true"
                href="mailto:mustlive@xxxxxxxxxxxxxxxxxx" style="color:
                rgb(0, 136, 204) ! important; text-decoration: none !
                important;">MustLive</a><br>
              <font color="#888888">April 14, 2011 8:44 PM</font></td>
          </tr>
        </tbody>
      </table>
      <div style="color: rgb(136, 136, 136); margin-left: 40px;"
        __pbrmquotes="true" class="__pbConvBody"><br>
        <div>Hello list!<br>
          <br>
          I want to warn you about Cross-Site Scripting, Full path
          disclosure, Abuse<br>
          of Functionality and Denial of Service vulnerabilities in
          the Mimbo Pro theme<br>
          for WordPress. It's a commercial theme for WP by the developer of
          TimThumb.<br>
          <br>
          -------------------------<br>
          Affected products:<br>
          -------------------------<br>
          <br>
          Vulnerable are Mimbo Pro 2.3.1 and previous versions. XSS is
          possible only<br>
          in old versions of the theme. After being informed, the developer
          has fixed<br>
          almost all vulnerabilities.<br>
          <br>
          ----------<br>
          Details:<br>
          ----------<br>
          <br>
          XSS (WASC-08):<br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E">http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E</a><br>
          <br>
          Full path disclosure (WASC-13):<br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site">http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site</a><br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&amp;h=1&amp;w=1111111">http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&amp;h=1&amp;w=1111111</a><br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&amp;h=1111111&amp;w=1">http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&amp;h=1111111&amp;w=1</a><br>
          <br>
          <a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/">http://site/wp-content/themes/mimbopro/</a><br>
          <br>
          And also tens of php-scripts of the theme in folder /mimbopro/
          and all<br>
          subfolders.<br>
          <br>
          Abuse of Functionality (WASC-42):<br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site&amp;h=1&amp;w=1">http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site&amp;h=1&amp;w=1</a><br>
          <br>
          DoS (WASC-10):<br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/big_file&amp;h=1&amp;w=1">http://site/wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/big_file&amp;h=1&amp;w=1</a><br>
          <br>
          About such AoF and DoS vulnerabilities I wrote in article
          Using of the sites<br>
          for attacks on other sites<br>
(<a class="moz-txt-link-freetext" 
href="http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html">http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html</a>).<br>
          <br>
          ------------<br>
          Timeline:<br>
          ------------<br>
          <br>
          2011.02.08 - informed developer about vulnerabilities in
          TimThumb.<br>
          2011.02.08 - announced at my site.<br>
          2011.02.09 - informed developer about vulnerabilities in Mimbo
          Pro.<br>
          2011.02.13 - developer released TimThumb 1.25 and began
          updating<br>
          TimThumb in all his themes.<br>
          2011.04.14 - disclosed at my site.<br>
          <br>
          I mentioned these vulnerabilities at my site<br>
          (<a class="moz-txt-link-freetext" 
href="http://websecurity.com.ua/4913/">http://websecurity.com.ua/4913/</a>).<br>
          <br>
          Best wishes &amp; regards,<br>
          MustLive<br>
          Administrator of Websecurity web site<br>
          <a class="moz-txt-link-freetext" 
href="http://websecurity.com.ua">http://websecurity.com.ua</a><br>
          <br>
          <br>
          _______________________________________________<br>
          Full-Disclosure - We believe in it.<br>
          Charter: <a class="moz-txt-link-freetext" 
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
          Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" 
href="http://secunia.com/">http://secunia.com/</a><br>
        </div>
      </div>
    </blockquote>
  </body>
</html>
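
A defender-side check for the request patterns listed in the quoted advisory, added here as an example and not part of the original thread or of TimThumb: it scans access-log lines for timthumb.php requests whose src carries markup, points at a non-allowlisted remote host, or whose w/h values are out of range. The combined-log format, ALLOWED_HOSTS, MAX_DIM and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed policy values (not from the advisory): hosts the thumbnailer may
# fetch from, and the largest width/height a legitimate request would use.
ALLOWED_HOSTS = {"example.org"}
MAX_DIM = 2000
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(request_target):
    """Return a sorted list of findings for one request target, [] if none."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/timthumb.php"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
    src = params.get("src", [""])[0]
    findings = set()
    # Markup characters in src: the reflected-XSS pattern from the advisory.
    if re.search(r"[<>\"']", src):
        findings.add("markup-in-src")
    # Absolute URL in src: the script is being asked to fetch a remote resource.
    if re.match(r"(?i)^[a-z][a-z0-9+.-]*://", src):
        host = (urlsplit(src).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            findings.add("remote-src-not-allowlisted")
    # Non-numeric or oversized dimensions: input that provokes error output.
    for key in ("w", "h"):
        for value in params.get(key, []):
            if not re.fullmatch(r"[0-9]{1,4}", value) or int(value) > MAX_DIM:
                findings.add("bad-dimension")
    return sorted(findings)

def scan(log_lines):
    """Yield (line_number, findings) for each suspicious access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            yield number, findings

# Constructed sample lines in combined-log style (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Apr/2011:20:44:00 +0000] "GET /wp-content/themes/mimbopro/scripts/timthumb.php?src=/wp-content/uploads/a.png&h=80&w=120 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Apr/2011:20:44:05 +0000] "GET /wp-content/themes/mimbopro/scripts/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E HTTP/1.1" 200 310',
    '192.0.2.12 - - [14/Apr/2011:20:44:09 +0000] "GET /wp-content/themes/mimbopro/scripts/timthumb.php?src=http://site/page.png&h=1&w=1111111 HTTP/1.1" 200 412',
    '192.0.2.13 - - [14/Apr/2011:20:44:12 +0000] "GET /index.php?p=1 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```
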
