
Zero-day Stored XSS Vulnerability Allowed Attackers to Compromise 70,000 Websites

Researchers found that "Social Warfare", a social sharing plugin developed by Warfare Plugins, is affected by a critical stored XSS zero-day flaw that allows attackers to inject malicious scripts and take over vulnerable WordPress websites.

'Social Warfare' is a social sharing plugin that site owners use to increase website traffic by collecting more social shares.

Among the plugin's debugging features is exploitable code that allows a payload to be stored in the website's database and retrieved with every page request.

According to Sucuri's research: “These features aren’t directly used anywhere and rely on various $_GET parameters to be executed, which makes it easy to see if your site was attacked using this vulnerability."

The exploit, which was widely distributed across the globe, targets a critical flaw that has allowed attackers to take complete control of unprotected websites.

As exploitation continued, analysts observed multiple ongoing attempts from over a hundred distinct IP addresses.

Reportedly, around 70,000 websites have the plugin installed, and the attacks are likely to multiply if the flaw is left unpatched. Meanwhile, experts advise users to update to version 3.5.3.

Latest WordPress version 3.5.1 vulnerable to Denial of Service

Security researcher Krzysztof Katowicz-Kowalewski has discovered a critical DoS vulnerability in the latest version of WordPress (v3.5.1) that allows attackers to cause a denial of service.

According to the Secunia report, the security flaw is "caused due to an error when calculating the hash cycle count within the 'crypt_private()' method in /wp-includes/class-phpass.php".

By sending a specially crafted password cookie, an attacker can cause damage to the website. However, the exploit is limited to websites that have at least one password-protected post, and the attacker must know the URL of that post.

Secunia has confirmed the existence of the vulnerability in the latest version, 3.5.1. Previous versions may also be affected by the security bug.

The researcher informed the WordPress security team about the security flaw, but since he did not receive any response from them, he decided to disclose the bug.

W3 Total Cache vulnerability allows hacker to steal password and db info

Jason A. Donenfeld has discovered a critical vulnerability in the popular WordPress plugin "W3 Total Cache". The plugin improves the user experience of a site by improving server performance, caching every aspect of the site.

The cache data is stored in a publicly accessible directory, which means a malicious hacker can browse and download the password hashes and other database information.

A simple Google search for "inurl:wp-content/plugins/w3tc/dbcache" returns a list of WordPress sites affected by this vulnerability.

According to Jason, the cache files are by default publicly downloadable, and the key values / file names of the database cache items are easily predictable, even with directory listing off.

He also published a simple shell script to identify and exploit this bug:

WordPress users are advised to either upgrade the plugin to the new version or deny access to the plugin directory by adding an extra .htaccess file in that folder.

WordPress Pingback Vulnerability Can Be Leveraged in DDoS Attacks

A pingback security bug in the WordPress blogging platform may be exploited to launch distributed denial-of-service (DDoS) attacks, according to web application security firm Acunetix.

The vulnerability is exploitable through the platform’s XMLRPC API (through XMLRPC.PHP).

A malicious hacker can spoof a pingback to a specific blog in order to guess hosts inside each network they target, port scan those hosts, reconfigure internal routers or simply launch DDoS attacks.

The team successfully implemented an Acunetix WVS script to test this security flaw. This script will try to resolve various common internal hosts and try to connect to common ports. In the end, it will report the successful attempts.
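One defensive check a site operator could apply to a pingback source URL before the server fetches it, added here as an illustration (not code from WordPress or Acunetix): it refuses targets that resolve to loopback, private, link-local or other non-public addresses, or that use a port a blog would not serve on, which is what the internal host guessing and port scanning described above rely on. The allowed-port set and the constructed name table standing in for DNS are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ports a legitimate pingback source would be served on (assumption for
# this example; anything else looks like a port scan relayed via the blog).
ALLOWED_PORTS = {80, 443}

# Constructed name table standing in for DNS so the example runs offline.
FAKE_DNS = {"blog.example": "8.8.8.8", "intranet.corp": "10.0.0.5"}


def fake_resolve(host: str) -> str:
    """Offline stand-in for socket.gethostbyname using FAKE_DNS."""
    if host not in FAKE_DNS:
        raise OSError(f"cannot resolve {host}")
    return FAKE_DNS[host]


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def is_safe_pingback_target(url: str, resolve=socket.gethostbyname) -> bool:
    """Decide whether the server may fetch `url` on behalf of a pingback.
    Rejects non-HTTP schemes, unusual ports, unresolvable hosts and any
    host (literal or resolved) that is not a public address."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # malformed URL or port out of range
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if port not in ALLOWED_PORTS:
        return False
    try:
        # IP literals (e.g. 127.0.0.1, [::1]) are checked directly;
        # names are resolved first so DNS cannot point back inside.
        addr = str(ipaddress.ip_address(parts.hostname))
    except ValueError:
        try:
            addr = resolve(parts.hostname)
        except (OSError, ValueError):
            return False
    try:
        return is_public_address(addr)
    except ValueError:  # resolver returned something that is not an IP
        return False
```

In production, `resolve` should also be used for the actual connection so the checked address and the fetched address cannot differ.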