WordPress极简博客 WordPress极简博客
  • 新鲜事
  • 战疫情
  • UI素材
    • UI素材
    • 电商/节日
    • PPT
      • 节日庆典
      • 工作汇报
      • 商业计划书
    • word
      • 简历竞聘
      • 合同/公文
  • 创客头条
    • 音乐分享
    • 初创文章
    • 极客头条
    • 生活趣事
    • 生活日记
    • 防骗指南
  • 编程教学
    • API日记
    • Linux安全栏目
      • Linux运维安全汇总
      • DDOS攻击防护
      • XSS攻击防护
      • SQL安全防护
    • Python技术栏目
      • Python基础入门
      • Python基础结构
    • WordPress技术栏目
      • WP主题
      • WordPress技术教程
      • RIPRO主题美化
    • WordPress漏洞发布
    • 技术教程汇总
    • 严选源码
  • 专题
  • 基友
  • 隐私
  • 注册
    登录
立即登录
  • 首页
  • 云优化
  • 新疫情
  • 新鲜事
    • 热文
    • 极客
    • 生活
  • 技术篇
    • WP主题
    • 技术教程
    • Python入门
    • Python基础
  • 专题篇
  • 友链君
首页 WordPress漏洞发布 WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass

WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass

夏柔 8月 23, 2020
漏洞ID13369漏洞类型
发布时间2020-08-22更新时间2020-08-22
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass-WordPress极简博客CVE编号CVE-2020-11497WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass-WordPress极简博客CNNVD-IDN/A
漏洞平台N/ACVSS评分N/A
|漏洞详情

漏洞细节尚未披露

|漏洞EXP
Title: Payment bypass

 

Product: WordPress NAB Transact WooCommerce Plugin

 

Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/

 

Vulnerable Version: 2.1.0

 

Fixed Version: 2.1.2

 

CVE Number: CVE-2020-11497

 

Author: Jack Misiura from The Missing Link 

 

Website: https://www.themissinglink.com.au

 

Timeline:

 

2020-03-27 Disclosed to Vendor

2020-03-29 Vendor publishes first fix

2020-04-04 Vendor publishes second fix

2020-08-17 Fix confirmed

2020-08-20 Publication

 

1. Vulnerability Description

 

The WordPress NAB Transact WooCommerce plugin does not validate the origin of payment processor status requests, allowing orders to be marked as fully paid by issuing a specially crafted GET request during the ordering workflow.

 

2. PoC

 

When presented with a payment screen, instead of submitting payment information, issue the following GET request to the site:

 

https://example-site.com/?wc-api=WC_Gateway_Nab_Direct_Post&order=XXXX&key= wc_order_YYYYY&is_crn=0&txnid=ZZZZZ&refid=WooCommerceXXXX&rescode=00&restext=Approved

 

Where XXXX is the order number and YYYY is the order code which have been present before during the workflow. If these are not presented, submit invalid payment information and get a declined message. Now brute-force the order number which is sequential. Doing so will mark any existing pending orders as fully paid.

 

3. Solution

 

The vendor provides an updated version (2.1.2) which should be installed immediately.

 

4. Advisory URL

 

https://www.themissinglink.com.au/security-advisories

 






Jack Misiura​


Application Security Consultant




a



9‑11 Dickson Avenue


Artarmon


NSW


2064



p


1300 865 865



os


+61 2 8436 8585



w


 <https://www.themissinglink.com.au/> themissinglink.com.au








 



 <https://www.linkedin.com/company/the-missing-link-pty-ltd/> 

 <https://www.facebook.com/The-Missing-Link-268395013346228/?ref=bookmarks> 

 <https://twitter.com/TML_au> 

 <https://www.youtube.com/channel/UC2kd4mDmBs3SjW4lX3fFHnQ> 

 <https://www.instagram.com/the_missing_link_it/> 




 


 <https://www.themissinglink.com.au/robotic-process-automation> 





​CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify The Missing Link immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of The Missing Link.

 
#CVE
0
J2dcg1.png
猜你喜欢
  • WordPress quiz-master-next 安全漏洞
  • Nova Lite theme 跨站脚本漏洞
  • WordPress Email Subscribers & Newsletters 信息泄露漏洞
  • WordPress SeedProd coming-soon 跨站脚本漏洞
  • WordPress Social Sharing 跨站请求伪造漏洞
  • WordPress WooCommerce Subscriptions 跨站脚本漏洞
  • WordPress TC Custom JavaScript插件跨站脚本漏洞
  • WordPress Email Subscribers & Newsletters SQL注入漏洞
  • WordPress Email Subscribers & Newsletters 跨站请求伪造漏洞
  • WordPress SRS Simple Hits Counter SQL注入漏洞
11 10月, 2023
10月11日,星期三,在这里每天60秒读懂世界!
夏柔
站长
夏山如碧 - 怀柔天下
1670
文章
25
评论
58145K
获赞
版权声明

文章采用创作共用版权 CC BY-NC-ND/2.5/CN 许可协议,与本站观点无关。

如果您认为本文侵犯了您的版权信息,请与我们联系修正或删除。
投诉邮箱wpsite@aliyun.com

栏目推荐
Python基础入门33
WordPress技术教程267
前沿技术情报所22
城市创新——新消费11
最近有哪些不可错过的热文23
程序员的养生之道0
节
春
  • 新鲜事
  • 疫情实况
  • UI素材
  • 技术教程
  • 音乐分享
  • 专题
  • 友情
  • 隐私
  • 云优化
Copyright © 2019-2025 WordPress极简博客. Designed by 夏柔. 辽公网安备21010502000474号 辽ICP备19017037号-2