0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress Slash Theme XSS / Spoofing / Disclosure Vulnerabilities
[Hello list!
I want to warn you about multiple vulnerabilities in Slash WP theme for
WordPress. This is commercial theme for WP.
These are Full path disclosure, Cross-Site Scripting and Content Spoofing
vulnerabilities.
-------------------------
Affected products:
-------------------------
Vulnerable are all versions of Slash WP theme for WordPress. After I've
informed developers about these vulnerabilities in April, they just thanked
and promised to look at these vulnerabilities. There are no information if
they fixed these holes already or when they are planning to do it. So all
users of the theme should contact the developers for updates.
-------------------------
Affected vendors:
-------------------------
Dream-Theme
http://dream-theme.com
----------
Details:
----------
Full path disclosure (WASC-13):
http://site/wp-content/themes/slash-wp/
FPD in index.php and other php-files in plugin's folder and subfolders.
Cross-Site Scripting (WASC-08):
In the theme there are jPlayer 2.1.0 and JW Player 5.8.2011, about
vulnerabilities in which I wrote earlier (in 2012 and 2013).
http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(document.cookie)//
http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?id=%27))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//
http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?playerready=alert(document.cookie)
http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?displayclick=link&link=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B&file=1.jpg
There is flash file of JW Player at some sites with this theme, but not at
others. According to theme's description, theme has built-in support of JW
Player, but it's not included in standard bundle (only jPlayer). But it can
be installed separately and some web sites owners do it.
Content Spoofing (WASC-12):
About Content Spoofing vulnerabilities and about other XSS vulnerabilities
in JW Player (http://securityvulns.com/docs28176.html) and in jPlayer
(http://securityvulns.com/docs29316.html), you can read in corresponding
advisories.
------------
Timeline:
------------
2013.04.11 - announced at my site.
2013.04.12 - informed developers.
2013.06.20 - disclosed at my site (http://websecurity.com.ua/6440/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
# 0day.today [2024-07-02] #