WordPress极简博客 WordPress极简博客
  • 新鲜事
  • 战疫情
  • UI素材
    • UI素材
    • 电商/节日
    • PPT
      • 节日庆典
      • 工作汇报
      • 商业计划书
    • word
      • 简历竞聘
      • 合同/公文
  • 创客头条
    • 音乐分享
    • 初创文章
    • 极客头条
    • 数码解说
    • 生活趣事
    • 生活日记
  • 全球科技
    • 新浪博客
    • A5资讯
    • 环球网新闻
  • 编程教学
    • Linux安全栏目
      • Linux运维安全汇总
      • DDOS攻击防护
      • XSS攻击防护
      • SQL安全防护
    • Python技术栏目
      • Python基础入门
      • Python基础结构
    • WordPress技术栏目
      • WP主题
      • WordPress技术教程
      • RIPRO主题美化
    • WordPress漏洞发布
    • 技术教程汇总
  • 专题
  • 基友
  • 隐私
  • 云优化
  • 注册
    登录
立即登录
  • 首页
  • 云优化
  • 新疫情
  • 新鲜事
    • 热文
    • 极客
    • 生活
  • 技术篇
    • WP主题
    • 技术教程
    • Python入门
    • Python基础
  • 专题篇
  • 友链君

WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass

夏柔8月 23, 2020
漏洞ID13369漏洞类型
发布时间2020-08-22更新时间2020-08-22
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass-WordPress极简博客CVE编号CVE-2020-11497WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass-WordPress极简博客CNNVD-IDN/A
漏洞平台N/ACVSS评分N/A
|漏洞详情

漏洞细节尚未披露

|漏洞EXP
Title: Payment bypass

 

Product: WordPress NAB Transact WooCommerce Plugin

 

Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/

 

Vulnerable Version: 2.1.0

 

Fixed Version: 2.1.2

 

CVE Number: CVE-2020-11497

 

Author: Jack Misiura from The Missing Link 

 

Website: https://www.themissinglink.com.au

 

Timeline:

 

2020-03-27 Disclosed to Vendor

2020-03-29 Vendor publishes first fix

2020-04-04 Vendor publishes second fix

2020-08-17 Fix confirmed

2020-08-20 Publication

 

1. Vulnerability Description

 

The WordPress NAB Transact WooCommerce plugin does not validate the origin of payment processor status requests, allowing orders to be marked as fully paid by issuing a specially crafted GET request during the ordering workflow.

 

2. PoC

 

When presented with a payment screen, instead of submitting payment information, issue the following GET request to the site:

 

https://example-site.com/?wc-api=WC_Gateway_Nab_Direct_Post&order=XXXX&key= wc_order_YYYYY&is_crn=0&txnid=ZZZZZ&refid=WooCommerceXXXX&rescode=00&restext=Approved

 

Where XXXX is the order number and YYYY is the order code which have been present before during the workflow. If these are not presented, submit invalid payment information and get a declined message. Now brute-force the order number which is sequential. Doing so will mark any existing pending orders as fully paid.

 

3. Solution

 

The vendor provides an updated version (2.1.2) which should be installed immediately.

 

4. Advisory URL

 

https://www.themissinglink.com.au/security-advisories

 






Jack Misiura​


Application Security Consultant




a



9‑11 Dickson Avenue


Artarmon


NSW


2064



p


1300 865 865



os


+61 2 8436 8585



w


 <https://www.themissinglink.com.au/> themissinglink.com.au








 



 <https://www.linkedin.com/company/the-missing-link-pty-ltd/> 

 <https://www.facebook.com/The-Missing-Link-268395013346228/?ref=bookmarks> 

 <https://twitter.com/TML_au> 

 <https://www.youtube.com/channel/UC2kd4mDmBs3SjW4lX3fFHnQ> 

 <https://www.instagram.com/the_missing_link_it/> 




 


 <https://www.themissinglink.com.au/robotic-process-automation> 





​CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify The Missing Link immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of The Missing Link.

 
#CVE
0
分享
夏柔 站长
文章 712评论 23
赞赏
夏柔
相关文章
  • WordPress quiz-master-next 安全漏洞
  • Nova Lite theme 跨站脚本漏洞
  • WordPress Email Subscribers & Newsletters 信息泄露漏洞
  • WordPress SeedProd coming-soon 跨站脚本漏洞
  • WordPress Social Sharing 跨站请求伪造漏洞
  • WordPress WooCommerce Subscriptions 跨站脚本漏洞
  • WordPress TC Custom JavaScript插件跨站脚本漏洞
  • WordPress Email Subscribers & Newsletters SQL注入漏洞
  • WordPress Email Subscribers & Newsletters 跨站请求伪造漏洞
  • WordPress SRS Simple Hits Counter SQL注入漏洞
11 5月, 2020
wordpress 如何静态化
夏柔
站长
夏山如碧 - 怀柔天下
712文章
23评论
58144K获赞
版权声明

文章采用创作共用版权 CC BY-NC-ND/2.5/CN 许可协议,与本站观点无关。

如果您认为本文侵犯了您的版权信息,请与我们联系修正或删除。
投诉邮箱wpsite@aliyun.com

栏目推荐
Python基础入门30
WordPress技术教程265
前沿技术情报所7
城市创新——新消费8
最近有哪些不可错过的热文5
程序员的养生之道0
疫情实况
英国新发现一种变异新冠病毒
3月 5, 2021
31省区市新增11例境外输入病例
3月 2, 2021
世卫称年底前结束疫情不现实
3月 2, 2021
更多
每日快讯
财政部部长:严禁征收过头税费
3月 6, 2021
教体局通报号召学生捐压岁钱
3月 6, 2021
西湖大学最快明年招收本科生
3月 6, 2021
建议应届生身份保留延长至5年
3月 6, 2021
完善香港选举制度 三任特首发声
3月 6, 2021
特朗普再次因煽动暴力遭起诉
3月 6, 2021
提高退休人员基本养老金
3月 6, 2021
财政部部长:严禁征收过头税费
3月 5, 2021
更多
  • 新鲜事
  • 疫情实况
  • UI素材
  • 技术教程
  • 音乐分享
  • 专题
  • 友情
  • 隐私
  • 云优化
Copyright © 2019-2021 WordPress极简博客. Designed by 骚老板. 辽公网安备21010502000474号