Re: [Full-disclosure] IL and XSS vulnerabilities in multiple themes for WordPress
- To: MustLive <mustlive@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] IL and XSS vulnerabilities in multiple themes for WordPress
- From: David Sopas <davidsopas@xxxxxxxxx>
- Date: Mon, 6 Jun 2011 22:43:33 +0100
Just checked on two of those themes you wrote (Typebased and NewsPress) and
they don't have any test.php file.
Did you check them all?
On 4 June 2011 17:17, MustLive <mustlive@xxxxxxxxxxxxxxxxxx> wrote:
> Hello list!
>
> I want to warn you about Information Leakage and Cross-Site Scripting
> vulnerabilities in multiple themes for WordPress.
>
> -------------------------
> Affected products:
> -------------------------
>
> Vulnerable are the next themes by WooThemes: Live Wire (all three themes
> from Live Wire series), Gotham News, Typebased, Blogtheme, VibrantCMS,
> Fresh News, The Gazette Edition, NewsPress, The Station, The Original
> Premium News, Flash News, Busy Bee, Geometric. Other vulnerable themes for
> WP are possible.
>
> ----------
> Details:
> ----------
>
> In different themes there is test.php - script with phpinfo() - which leads
> to Information Leakage (disclosure of FPD and other important information
> about the server) and XSS (in PHP < 4.4.1, 4.4.3-4.4.6).
>
> Information Leakage (WASC-13):
>
> http://site/wp-content/themes/_theme's_name_/includes/test.php
>
> XSS (WASC-08):
>
>
> http://site/wp-content/themes/_theme's_name_/includes/test.php?a[]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>
> For Live Wire the script is placed at address
> http://site/wp-content/themes/livewire/includes/test.php, similarly for
> other themes.
>
> ------------
> Timeline:
> ------------
>
> 2011.04.11 - announced at my site.
> 2011.04.12 - informed developers.
> 2011.06.04 - disclosed at my site.
>
> These vulnerabilities are still not fixed by developers. So users of these
> themes need to fix the vulnerabilities manually (e.g. by deleting
> this script).
>
> I mentioned these vulnerabilities at my site
> (http://websecurity.com.ua/5071/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
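
A check a site administrator could run against their own install to settle the question raised in this thread: does any installed theme ship includes/test.php or another file that calls phpinfo()? This is an added example, not code from either poster or from WooThemes; the function names and the sample directory tree are constructed for illustration, and the scan goes beyond includes/test.php to every PHP file under wp-content/themes.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: strip PHP comments, then look for a phpinfo() call, so that a
# commented-out call is not reported. A "//" or "#" inside a string literal
# is treated as a comment start, so review flagged themes by hand as well.
PHP_COMMENTS = re.compile(r"/\*[\s\S]*?\*/|(?://|#)[^\n]*?(?=\?>|\n|\Z)")
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)


def calls_phpinfo(source):
    return bool(PHPINFO_CALL.search(PHP_COMMENTS.sub("", source)))


def audit_themes(wp_root):
    """Return (relative path, reason) for theme files that should not be deployed."""
    themes = Path(wp_root) / "wp-content" / "themes"
    findings = []
    for php in sorted(themes.rglob("*.php")):
        rel = php.relative_to(wp_root).as_posix()
        text = php.read_text(encoding="utf-8", errors="replace")
        if calls_phpinfo(text):
            findings.append((rel, "calls phpinfo()"))
        elif php.name == "test.php" and php.parent.name == "includes":
            findings.append((rel, "leftover includes/test.php"))
    return findings


def build_sample_tree(root):
    """Constructed sample install: one theme ships the test script, one does not."""
    files = {
        "wp-content/themes/livewire/includes/test.php": "<?php phpinfo(); ?>",
        "wp-content/themes/livewire/index.php": "<?php // phpinfo(); disabled\nget_header();",
        "wp-content/themes/typebased/index.php": "<?php get_header(); ?>",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in audit_themes(tmp):
            print(f"{rel}: {reason}")
```

Point `audit_themes()` at the directory that contains `wp-content`; an empty result for a theme means it carries neither the test script nor any other phpinfo() call.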