Hello Bugtraq!
I want to warn you about security vulnerabilities in plugin WP-UserOnline
for WordPress.
-----------------------------
Advisory: Vulnerabilities in WP-UserOnline for WordPress
-----------------------------
URL: http://websecurity.com.ua/4177/
-----------------------------
Affected products: WP-UserOnline 2.62 and previous versions.
-----------------------------
Timeline:
26.04.2010 - found vulnerabilities.
30.04.2010 - announced at my site.
01.05.2010 - informed developer.
07.05.2010 - developer released WP-UserOnline 2.70. In version 2.70 the
developer fixed XSS, but not Full path disclosure vulnerabilities.
01.07.2010 - disclosed at my site.
-----------------------------
Details:
These are Cross-Site Scripting and Full path disclosure vulnerabilities.
XSS:
With help of special request to the site it's possbile to conduct XSS
attack. For this it's needed to send GET request in special way (not in
browser) to page http://site/?<script>alert(document.cookie)</script>.
This is persistent XSS. Vulnerability appears at page
http://site/wp-admin/index.php?page=wp-useronline.
Full path disclosure:
http://site/wp-content/plugins/wp-useronline/admin.php
http://site/wp-content/plugins/wp-useronline/widget.php
http://site/wp-content/plugins/wp-useronline/wp-stats.php
http://site/wp-content/plugins/wp-useronline/wp-useronline.php
http://site/wp-content/plugins/wp-useronline/scb/Widget.php
http://site/wp-content/plugins/wp-useronline/scb/load.php
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
