exploit the possibilities

WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure

WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure
Posted May 27, 2017
Authored by Kyle Lovett

WordPress Social-Stream versions 1.6.0 and below suffer from a Twitter API OAuth secret disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 7bcdc75fa62438d580fa7352ad149ad6

WordPress Social-Stream 1.6.0 Twitter API Secret Disclosure

Change Mirror Download
Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Keys
CWE-522 :Insufficiently Protected Credentials

Products:
Wordpress Social Stream
Versions 1.6.0 and lower
https://codecanyon.net/item/wordpress-social-stream/2201708

Social Network Tabs
Versions 1.7.4 and lower
https://codecanyon.net/item/social-network-tabs-for-wordpress/1982987

Fix:
Wordpress Social Stream, V 1.6.1
https://codecanyon.net/item/wordpress-social-stream/2201708

"WordPress Social Stream will combine all of your social network feeds into one
single network stream or create a single feed for multiple social
network profiles."

A weakness exists in the Wordpress plugin Social-Stream which exposes all four
Twitter API keys as parameters of a URL link on the webpage in which
the plugin widget
is rendered.

consumer_key
consumer_secret
oauth_access_token
oauth_access_token_secret

When the end user places the code in their HTML to embed a Twitter Stream feed,
it calls the file dcwp_twitter.php, where the Twitter API keys are stored.
Those keys are set as a variable, then are incorrectly echo'd onto the webpage.

===============================================================================
$auth = new dcwss_TwitterOAuth($consumer_key,$consumer_secret,$oauth_access_token,$oauth_access_token_secret);
$get = $auth->get( $rest, $params );
//print_r($get->errors);
} else {
echo $get;
}
===============================================================================

The full and clear text URL is exposed similar to this:

http://example.com/wp-content/plugins/wordpress-social-stream/inc/dcwp_twitter.php?1=consumer_key&2=consumer_secret&3=access_key&4=access_secret

Google Dork
https://www.google.com/search?num=100&q=dcwp_twitter+text&filter=0

Fix:
The vendor has issued a patch for the Wordpress Social Stream, V 1.6.1
available here:
https://codecanyon.net/item/wordpress-social-stream/2201708

It is not known whether a patch has been issued for Social Network Tabs plugin.

An important note, the keys will remain good even after the patch,
until the end user revokes the original keys and issues a new set.
Changing one's password will not mitigate this problem, however
setting the app to be read only in Twitter will mitigate an attackers
ability to post tweets or change profile pictures as them.
------------------------------------------------------------------------------
Timeline:
Vendor notified on 04/01/2017
Fix Complete on 04/06/2017
Disclosure Public 05/21/2017
Contact: Kyle Lovett krlovett@gmail.com
------------------------------------------------------------------------------
Login or Register to add favorites

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close