Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29013
HistoryFeb 04, 2013 - 12:00 a.m.

Vulnerabilities in WordPress Attack Scanner for WordPress

2013-02-0400:00:00
vulners.com
14
JSON

Hello 3APA3A!

I want to warn you about security vulnerabilities in WordPress Attack Scanner plugin for WordPress.

These are Information Leakage vulnerabilities. This is security plugin. In my 63 advisories about different vulnerabilities in WordPress plugins (http://websecurity.com.ua/3397/) I've wrote about security plugins many times. Previous time it was plugin Wordfence Security.

Affected products:

Vulnerable are all versions of WordPress Attack Scanner - both Free and Pro (commercial) versions of the plugin. Checked in WP-Attack-Scanner-Free 0.9.5.beta.

Details:

Information Leakage (WASC-13):

http://site/wp-content/plugins/path/data.txt

http://site/wp-content/plugins/path/archive.txt

Folder "path" can be WP-Attack-Scanner or WP-Attack-Scanner-Free.

Unrestricted access to the data - they can be accessed in the browser without authorization. Even the data is encrypted, but by default the password is "changepassword". If the password was not changed, then the data is easily decrypting. If it was changed, then the password can be picked up.

Timeline:

2012.10.29 - announced at my site.
2012.11.03 - informed developers (at one e-mail).
2012.11.04 - informed developers (at another e-mail).
2013.01.29 - disclosed at my site (http://websecurity.com.ua/6120/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON