Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 16 Jan 2016 13:45:44 +0200
From: Henri Salo <henri@...v.fi>
To: Rahul Pratap Singh <techno.rps@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request: Commentator WordPress Plugin 2.5.2
 XSS Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jan 13, 2016 at 07:42:12PM +0530, Rahul Pratap Singh wrote:
> I would request you to assign CVE id to this issue.
> 
> file: commentator.php
> 
> line:441
> $provider_name = $_REQUEST["provider"];
> line:544
> <div id="commentator-social-signin" class="commentator-<?php echo
> $provider_name; ?>">
>
> /wp-admin/admin-ajax.php?action=commentator_social_signin&provider=facebook">%20<IMG%20SRC=axc%20onerror=alert(1)>
> 
> https://0x62626262.files.wordpress.com/2016/01/commentatorxsspoc.png
> http://codecanyon.net/item/commentator-wordpress-plugin/6425752
> https://0x62626262.wordpress.com/2016/01/13/commentator-wordpress-plugin-xss-vulnerability
> 
> Fix: Update to 2.5.3

Are you sure that this plugin is open source software? There is a plugin named
"commentator" in the WordPress Plugin Directory[1,2], but it seems to be
different codebase (might be older version) and last update is 2012-10-28. Item
in codecanyon.net requires paid license.

1: http://plugins.svn.wordpress.org/commentator/trunk/
2: http://plugins.svn.wordpress.org/commentator/trunk/readme.txt

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWmi1oAAoJECet96ROqnV0W9MQAM7/GMMtvzWRATSgzTXJhcw3
HnNwxM37fwyUOxxkAiwI0Qhb5btrZ4mnIK1oOpHZ1d55le/6GBdvxG28lmN9KZBs
8iiv26hX1D/+tDyXWLtRaZUwC46Mx7geoNoH55dk+MWip1LdhIDjc7eqvB26GT04
nq8y5gPHUv6VEtS/rgLzW6VVrATVxCTOvHMEzvxgbkHmntDRIaVsDk+krQ8HnlUM
U7x0REkQmvhM+lAascIaS0vYLz+Had1+Us4F+cA88FPpA2UGzXvRXOcoyYLGu5H+
99RgnTP1x1Lk6/1E5NYfSnyNwsS8wFsxw8SlUEbRJaEqFJSYjhHq0ho+yVTC9ekx
z2y0AfOZ/5xjsUZkJgJOwV9ovXVwhe1S55ChmgJRsQ20wc0w8qSgQVd+7+PEiMvb
ZJxie5x0vsc9X8jQPPBrYCA9RfDIQnNeYcebdECZm/zg0IvGBTKqu2ZSht8ndymC
W8yZop/BkXO9Ge1SLW2jpRkTJG6moH/k7b0X4Lim1GtaAi21hdUvgOZ8LLQnWk0G
AphLO8mSauqyEU5sY2g3zHMVbIGzjuQ8Iw2So1WNLdoxss5lm75YEhCij0bpVXSb
7bCLrlvxPtbphuEA2Mb8R9jPQ7xI66EqjOu+yZfyUnfY27Co7sCUGUnkLGoxfhHU
t0yWufUCj9ZCW7lfA01K
=dsWg
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.