opensourceBIM / BIMserver

The open source BIMserver platform
GNU Affero General Public License v3.0

Misconfigurations Lead To Multiple Bugs #609

Closed Mearafat closed 7 years ago

Mearafat commented 7 years ago

Hi, this is Yeasir Arafat. I have found some misconfigurations which lead to multiple bugs!

Vulnerable Domain -- http://bimserver.org/blog/

Your WordPress version is up to date, but your plugin versions are old, so your site is very vulnerable. Check out:

[!] Title: WP-Super-Cache 1.3 - Remote Code Execution
Reference: https://wpvulndb.com/vulnerabilities/6623
Reference: http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
Reference: http://wordpress.org/support/topic/pwn3d
Reference: http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6624
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6625
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6626
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6627
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6628
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
Reference: https://wpvulndb.com/vulnerabilities/6629
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
[i] Fixed in: 1.3.1

[!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7889
Reference: http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
[i] Fixed in: 1.4.3

[!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/8197
Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
[i] Fixed in: 1.4.5

[!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
Reference: https://wpvulndb.com/vulnerabilities/8198
Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/
[i] Fixed in: 1.4.5

Thanks,
Best Regards,
Yeasir Arafat

Mearafat commented 7 years ago

Hi there, any updates? Thanks

Mearafat commented 7 years ago

Hello, why did you close the issue without any updates? May I know why you closed it? Thanks

rubendel commented 7 years ago

Here are some reasons, just go with your automated bs:

https://github.com/opensourceBIM/BIMserver/issues/604
https://github.com/opensourceBIM/BIMserver/issues/600
https://github.com/opensourceBIM/BIMserver/issues/595
https://github.com/opensourceBIM/BIMserver/issues/561