WordPress Bulletproof-Security .51 Multiple Vulnerabilities

Started by Mayk0, November 07, 2014, 01:54:49 PM



Date    2014-11-06
Category    web applications
Platform    php

CVE    CVE-2014-7958,
WordPress Bulletproof-Security version .51 suffers from SSRF, cross site scripting, and remote SQL injection vulnerabilities.

Vulnerability title: Wordpress bulletproof-security <=.51 multiple
Author: Pietro Oliva
CVE: CVE-2014-7958, CVE-2014-7959, CVE-2014-8749
Vendor: AITpro
Product: bulletproof-security
Affected version: bulletproof-security <= .51
Vulnerabilities fixed in version: .51.1


XSS vulnerability (CVE-2014-7958):

POST /wp-content/plugins/bulletproof-security/admin/htaccess/bpsunlock.php


SQL injection vulnerability (CVE-2014-7959; the correct DB username and
password are required in order to exploit this):

POST /wordpress/wp-content/plugins/bulletproof-security/admin/htaccess/bpsunlock.php


SSRF vulnerability (CVE-2014-8749):

POST /wp-content/plugins/bulletproof-security/admin/htaccess/bpsunlock.php

Possible scenario:

- the user sends a request with username, password, host and other
parameters to the vulnerable page
- the server doesn't check the host parameter against a whitelist of
permitted databases
- the server performs an authentication request to a remote or
internal network database and gives the authentication result back to
the attacker
- after n attempts the attacker has bypassed access restrictions (if
any) on the remote database, discovered the remote database password,
and made bulletproof-security appear as the source of the attack.

Extra step:
- if the SQL injection flaw (CVE-2014-7959) is not fixed, an attacker
could also execute arbitrary SQL statements on the remote server, as
the vulnerable page executes a query if the authentication is
successful (without filtering or the use of prepared statements). The source
of the attack would appear to be the bulletproof-security vulnerable

Well... It seems that these are relatively important vulnerabilities. That's why I like PHP so much... For exploiting :)
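As an added example for this thread (not code from the plugin, from the advisory, or from AITpro), here is a hypothetical reconstruction of the pattern the advisory describes for bpsunlock.php, with a hardened version next to it. Everything in it is assumed: the function and parameter names, the placeholder options query, and the DB_HOST/DB_NAME constants (which would come from wp-config.php on a real install).

```php
<?php
// Added example for this thread, not code from the plugin or from the advisory.
// It reconstructs, in a hypothetical simplified form, the pattern the advisory
// attributes to bpsunlock.php and places a hardened version beside it. Function
// names, parameter names, the options query and the DB_* constants are assumed.

mysqli_report(MYSQLI_REPORT_OFF); // keep connect failures as return values on PHP 8.1+

/* ---- Vulnerable pattern (hypothetical reconstruction of what the advisory describes) ---- */
function bps_unlock_vulnerable(array $req): string
{
    // CVE-2014-8749: the host comes from the request and is never checked against a
    // whitelist, so the page opens a connection to any host the client names and
    // reports whether the supplied credentials worked (an authentication oracle).
    $link = @mysqli_connect($req['host'], $req['user'], $req['pass'], $req['db']);
    if ($link === false) {
        // CVE-2014-7958: request values are reflected into the page unencoded.
        return 'Login to ' . $req['host'] . ' as ' . $req['user'] . ' failed';
    }
    // CVE-2014-7959: once authentication succeeds, request values are concatenated
    // into the statement (assumed placeholder query; the real one is not on the page).
    $sql = "SELECT option_value FROM {$req['prefix']}options WHERE option_name = '{$req['name']}'";
    $ok  = mysqli_query($link, $sql) !== false;
    mysqli_close($link);
    return $ok ? 'Unlock query executed' : 'Unlock query failed';
}

/* ---- Hardened version ---- */
// Assumption: DB_HOST and DB_NAME come from wp-config.php when the script runs inside
// WordPress; they are defined here only so the example is self-contained.
defined('DB_HOST') || define('DB_HOST', 'localhost');
defined('DB_NAME') || define('DB_NAME', 'wordpress');

function bps_host_permitted(string $host): bool
{
    // The only database this page has any business reaching is the site's own:
    // exact match against the configured host, no DNS resolution, no ranges.
    return hash_equals(DB_HOST, $host);
}

function bps_identifier_ok(string $id): bool
{
    // Identifiers (the table prefix) cannot be bound as parameters, so they are
    // restricted to the character set WordPress allows for a table prefix.
    return (bool) preg_match('/^[A-Za-z0-9_]{1,64}$/', $id);
}

function bps_unlock_hardened(array $req): string
{
    $host   = (string) ($req['host']   ?? '');
    $user   = (string) ($req['user']   ?? '');
    $pass   = (string) ($req['pass']   ?? '');
    $prefix = (string) ($req['prefix'] ?? '');
    $name   = (string) ($req['name']   ?? '');

    if (!bps_host_permitted($host)) {
        return 'Host not permitted';      // refused before any network activity
    }
    if (!bps_identifier_ok($prefix)) {
        return 'Invalid table prefix';
    }

    $link = @mysqli_connect($host, $user, $pass, DB_NAME);
    if ($link === false) {
        return 'Authentication failed';   // generic: no driver error, no reflected input
    }

    // Validated identifier quoted with backticks; the value is bound, not concatenated.
    $stmt = mysqli_prepare($link, "SELECT option_value FROM `{$prefix}options` WHERE option_name = ?");
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 's', $name)
        && mysqli_stmt_execute($stmt);
    if ($stmt !== false) {
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);

    // Anything that does reach the page is HTML-encoded before output.
    return ($ok ? 'Unlocked as ' : 'Unlock failed for ')
        . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
}

// Runs from the command line without a database: both constructed requests are
// rejected by the hardened function before any connection is attempted.
if (PHP_SAPI === 'cli') {
    $ssrf_probe = ['host' => '10.0.0.5', 'user' => 'root', 'pass' => 'guess1',
                   'prefix' => 'wp_', 'name' => 'siteurl'];
    $sqli_probe = ['host' => DB_HOST, 'user' => 'wp', 'pass' => 'x',
                   'prefix' => "wp_options WHERE 1=1; -- ", 'name' => 'siteurl'];
    echo bps_unlock_hardened($ssrf_probe), PHP_EOL;
    echo bps_unlock_hardened($sqli_probe), PHP_EOL;
}
```

Run with `php` on the command line and the two constructed probes print "Host not permitted" and "Invalid table prefix" without any socket being opened. The host check is an exact-match whitelist rather than a denylist of private ranges on purpose: the scenario in the advisory is an authentication oracle against any database, public or internal, so blocking only RFC 1918 addresses would still leave the page usable for brute-forcing credentials on someone else's server.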