WordPress Register Plus Redux Cross Site Scripting

WordPress Register Plus Redux Cross Site Scripting: Posted Mar 30, 2012; Authored by MustLive; Register Plus Redux version 3.7.2 for WordPress appears to suffer from additional cross site scripting vulnerabilities.; tags | advisory, vulnerability, xss; SHA-256 | db3fb962011dd8d10dc7bbbb09fa3e33e1b8850fab7bbad4805726fff8226418; Download | Favorite | View

WordPress Register Plus Redux Cross Site Scripting

Hello list!

I want to warn you new about security vulnerabilities in Register Plus Redux
for WordPress.

These are Cross-Site Scripting vulnerabilities. After finding and fixing of
36 vulnerabilities in plugin Register Plus Redux in the end of previous
year, I've released my version of the plugin with fixed vulnerabilities of
original plugin. And recently during security audit of web site, on which
Register Plus Redux was using, I've found two new XSS vulnerabilities in
this plugin (which also take place on forks of this plugin).

-------------------------
Affected products:
-------------------------

Affected functionality appeared in Register Plus Redux potentially from
version 3.7.2.

Vulnerable are original Register Plus Redux and all plugins based on it.
Particularly vulnerable are Register Plus Redux 3.7.2 and next versions, my
versions Register Plus Redux 3.8 - 3.8.3, Register Plus Redux Auto Login
3.8.1 and previous versions.

At 25.03.2012 I've fixed these vulnerabilities in my version Register Plus
Redux 3.8.4.

----------
Details:
----------

XSS (WASC-08):

At page http://site/wp-login.php?action=register in parameters user_login
and user_email.

http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-1.html

http://websecurity.com.ua/uploads/2012/Register%20Plus%20Redux%20XSS-2.html

These vulnerabilities are concerned with variable-width-encoding (with using
of this technique it's possible to bypass protection filters). These
exploits are for IE6, for other browsers other characters need to be used
(this attack is possible in old browsers).

------------
Timeline:
------------

2012.03.25 - found these vulnerabilities in the plugin.
2012.03.25 - fixed these vulnerabilities in my version of the plugin 
(Register Plus Redux 3.8.4).
2012.03.26-27 - informed users of my plugin and supplied them with new 
version.
2012.03.27 - disclosed at my site.
2012.03.28 - informed developer of original plugin.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/5745/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 146 files
Ubuntu 116 files
Debian 18 files
Rafael Pedrero 11 files
LiquidWorm 10 files
Google Security Research 10 files
Apple 9 files
Abdulhakim Oner 8 files
nu11secur1ty 8 files
Hubert Wojciechowski 6 files

File Archives

Systems

AIX (426)
Apple (1,960)
BSD (372)
CentOS (56)
Cisco (1,919)
Debian (6,714)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,288)
HPUX (878)
iOS (340)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,137)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,925)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,453)
UNIX (9,208)
UnixWare (185)
Windows (6,532)
Other

WordPress Register Plus Redux Cross Site Scripting

WordPress Register Plus Redux Cross Site Scripting

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress Register Plus Redux Cross Site Scripting

Share This

WordPress Register Plus Redux Cross Site Scripting

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems