Security issue: Unsanitized HTML output via WPS

Discussion forum for WP Socializer plugin

Post by RedofM3 » Wed Jan 23, 2013 8:10 pm

My host states the WPS is injectable at the D parameter and the remote CGI is able to run scripts because there is not proper sanitizing using the HTTP method.

The remote web server hosts cgi scripts that fail to adequately sanitize request strings. By
leveraging this issue, an attacker may be able to include a remote file from a remote server and
execute arbitrary commands on the target host.

High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.

-------- output --------
<a href="http://twitter.com/share" class="twitter-share-button" da [...]
<!-- End WP Socializer Plugin - Retweet Button -->
[...] includes%3A+safety%2C+saving+money%2C+eco-friendly%2C+speed%2C+and+more+convenience...Will+you+choose+to+MAD%3F+It+is+time+to+Make+A+Difference.%0D%0A%0D%0A%0D%0AStatistics%0D%0ADo+you+want+to+become+a+statistic%3F+Read+and+decide+if+you+are+already+a+stat%20-%20http://mommasmoneymatters.com/mad-bill-pay/?D=http://w2DCfiZo.example.com/" title="Email this" target="_blank" rel="nofollow"class="wp-socializer-single"><img src="http://mommasmoneymatters.com/wp-content/plugins/wp-socializer/public/social-icons/16/email.png" alt="Email" border="0"/></a><span class="wp-socializer-label"><a href="mailto:?to=&amp;subject=What+Century+Is+It%3F&amp;body=If+the+list+of+benefits+includ [...]
<!-- Start WP Socializer | Floating bar - JS file-->
<script type="text/javascript" src="http://mommasmoneymatters.com/ [...]


I have a flood of messages for every instance of WPS (one for every WPS button on every page where it displays) which is close to 59,000. I think the spider just died rather than send any more messages.

I have no choice but to disable it until there is a fix, because my security certificate will be invalidated if I do not. Please advise.
RedofM3
 
Posts: 1
Joined: Wed Jan 23, 2013 7:35 pm
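
One way to triage a scanner report like the one above, as an added example that is not part of the original post or the plugin's code: it parses a response, reports where a probe value is echoed and whether it comes back raw or percent-encoded, and collapses per-button repeats into one finding. The sample HTML, host names, probe value and the encoded Twitter link are constructed assumptions.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample modelled on the scanner output above (hypothetical hosts, not a capture).
PROBE = "http://probe.example.com/"
PAGE_URL = "http://blog.example.org/post/?D=" + PROBE
SAMPLE = (
    '<a href="mailto:?subject=Title&amp;body=Text%20-%20' + PAGE_URL + '" '
    'class="wp-socializer-single">Email</a>\n'
    '<a href="mailto:?subject=Other&amp;body=More%20-%20' + PAGE_URL + '" '
    'class="wp-socializer-single">Email</a>\n'
    '<a href="http://twitter.com/share?url=' + quote(PAGE_URL, safe="") + '" '
    'class="twitter-share-button">Tweet</a>\n'
    '<p>No reflection here</p>\n'
)


class ReflectionFinder(HTMLParser):
    """Collect every attribute value or text node that echoes the probe."""

    def __init__(self, probe):
        super().__init__(convert_charrefs=True)
        # Raw is checked first, so "percent-encoded" means the raw probe is absent.
        self.forms = (("raw", probe), ("percent-encoded", quote(probe, safe="")))
        self.hits = Counter()

    def _form(self, value):
        return next((name for name, needle in self.forms if needle in value), None)

    def handle_starttag(self, tag, attrs):
        css_class = dict(attrs).get("class") or ""
        for name, value in attrs:
            form = self._form(value or "")
            if form:
                self.hits[(tag, name, css_class, form)] += 1

    def handle_data(self, data):
        form = self._form(data)
        if form:
            self.hits[("#text", "", "", form)] += 1


def find_reflections(html, probe):
    """Return a Counter keyed by (tag, attribute, class, form) so repeats collapse."""
    finder = ReflectionFinder(probe)
    finder.feed(html)
    finder.close()
    return finder.hits
```

A raw reflection inside an attribute marks the output path whose escaping needs review; it does not by itself show that the server fetched or executed the remote URL.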

Re: Security issue: Unsanitized HTML output via WPS

Post by vaakash » Sat Jan 26, 2013 8:54 pm

Sorry, can't get your problem. Can you please explain it in a simple manner, where it actually happens?
vaakash
Site Admin
 
Posts: 730
Joined: Sun Jan 17, 2010 11:15 am
Location: India


 

