Global Translator
[resolved] Xss attack found in Global Translator 1.3.2 (11 posts)

  1. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    I found some XSS attacks on my site but i did not know what was making it happen so i started a post here http://wordpress.org/support/topic/i-found-some-xss-with-tag

    so here are the XSS links
    http://somesite.com/?tag='"><script>alert(1)</script>
    http://somesite.com/?cat='"><script>alert(1)</script>
    http://somesite.com/?m='"><script>alert(1)</script>
    http://somesite.com/?s='"><script>alert(1)</script>
    http://somesite.com/?page_id='"><script>alert(1)</script>
    http://somesite.com/?author='"><script>alert(1)</script>

    how did i find them
    I started to turn off things like my theme & my many plugins
    so after i found out it was not my theme i started looking into plugin
    turning them on one by one
    & every time i turned on a plugin i tested to see if the XSS was there.
    when i got to Global Translator then the XSS popped up
    so you ppl really need to fix this ASAP!!!!!!!

  2. esmi
    Forum Moderator
    Posted 3 years ago #

    We ppl don't develop that plugin. Nor do we control what is listed in the Plugin Directory. If you have found a serious issue with a plugin, please email plugins@wordpress.org. However, I think this issue was reported a few days ago.

  3. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    well i sent an e-mail to the maker of this plugin
    & gave him the url to this post.
    we will w8 & see
    but if anyone knows how to go about fixing this
    i'd sure like to know.

  4. Matt Martz
    Member
    Posted 3 years ago #

    @etardwebcam:

    I have looked through the code of the Global Translator plugin and cannot find anywhere that would have generated that code that you posted.

    Global Translator does use cached files, which could have been compromised. It looks like wp-content/gt-cache and wp-content/plugins/global-translator/cache may contain the cache files. I am not sure if there is a way to clear the cache using the plugin, but you could try searching the files within those directories for that code.

    Another point of interest is that we haven't seen any other reports about malicious code from this plugin and it is pretty popular.

    If you could post a link to a page/post where we could see this code, or perhaps post the code in between backticks as described below the post box here in the forums, we could see the code a little better without having the html interpreted by the browser. As it stands now I cannot see how what you posted is considered a "XSS attack".

    It would also be best if you didn't censor the code as somesite.com does not provide us with much to search on.

    Also keep in mind that the plugin itself could have been compromised and modified, try deleting the plugin and reinstalling it.

  5. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    ok I'm not going to post a [moronic expletive deleted] url to my site on here that has to do with an XSS attack but if you give me your e-mail I will give them to you.
    I have bad ppl who would love more than nothing to know about all this, that's y I'm trying to keep this somewhat on the DL.

    I am 100% sure that this hole is in this plugin
    I turned off everything
    & the hole went bye bye
    I would turn on just one of my plugins then test for the XSS
    then turn it off & go to the next one
    until I got to global-translator then it hit & I was like
    Noooooo!!!!!!!!!!!!!!!!!
    I love this plugin & wish it would have been any of my other plugins

    as for the gt-cache
    that only gets called up when you use /?gtlang=
    like http://somesite.com/?gtlang=ja
    so by having the ja aka Japanese at the end of /?gtlang= the global-translator will look into the gt-cache to see if there is a translation for that page in Japanese
    without the ?gtlang= you're not pulling from the gt-cache.

    & yes there are 2 ways to clear the gt-cache
    the easy way is to ftp to your server & delete them or edit global-translator & remove a commented line for a button to show up in the wp-admin controls for GT to clear the gt-cache.
    y the maker has it commented out along with some other things I don't know.

  6. Just a thought, but have you tried deleting and reinstalling the plugin and clearing the cache?

  7. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    did that & it did not change anything....
    it's ok guys we will just have to w8 for the maker to get off his butt

  8. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    I kind of get the feeling that you ppl think I'm imagining this
    so I did an inurl:gtlang looking for someone running GT
    I found some other WordPress sites that have global-translator
    http://www.mohamedadamjr.com/?gtlang=ru
    & the same XSS works on this site
    http://www.mohamedadamjr.com/?s='"><script>alert(1)</script>
    and all of them
    http://ursula.blogdns.net/?s='"><script>alert(1)</script>
    http://www.geghna.org/?s='"><script>alert(1)</script>
    http://biu-france.com/?s='"><script>alert(1)</script>
    & that's just the top of the list
    so we really need to find some way to fix this so we can help all of the many wordpress bloggers out there on the net running GT

  9. Have you considered the possibility that the developer just doesn't monitor the forums over here? The following is from the plugin's page on the developer's site:

    Bug submission is an important aspect of many Open Source projects, and submitting bugs correctly increases the chances of the developer finding and fixing any problems that may arise.
    If you want to submit bug issues, please use the Contact form and remember to specify the following informations:
    - the version of the plugin you’re using
    - a full description of the problem (and the error message if available)

    http://www.n2h.it/wp-plugins/wordpress-global-translator-plugin/

  10. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    oh he knows all about it now
    I have been in talks with him over e-mail
    the hard part is I'm in the US & he is in IT

  11. E-TARD The LifeCaster
    Member
    Posted 3 years ago #

    just an update on what's going on
    we now know that this one http://somesite.com/?s='"><script>alert(1)</script>
    has nothing to do with GT

    but the others do!!!
    /?tag='"><script>alert(1)</script>
    /?cat='"><script>alert(1)</script>
    /?m='"><script>alert(1)</script>
    /?page_id='"><script>alert(1)</script>
    /?author='"><script>alert(1)</script>
    any one of the XSS's here will work on the sites listed
    reposting this with the tags that apply to the GT matter at hand.
    http://www.geghna.org/?author='"><script>alert(1)</script>
    http://biu-france.com/?author='"><script>alert(1)</script>
    http://www.tsakostanoev.com/?author='"><script>alert(1)</script>

Topic Closed

This topic has been closed to new replies.
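
Added example (not part of the thread, and not code from the Global Translator plugin): a site owner who wants to know whether the query parameters listed in the posts above have been hit with markup can scan the web server's access log for them. The function names, the combined log format, the sample lines and the rule that `cat`, `m`, `page_id` and `author` should be numeric are assumptions of this sketch.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters named in the thread. Assumption: WordPress expects numeric IDs or
# dates in these four (digits, optionally comma-separated or negated).
NUMERIC_PARAMS = {"cat", "m", "page_id", "author"}
TEXT_PARAMS = {"tag", "s"}  # slug and free-text search
MARKUP = re.compile("[<>\"']")  # characters needed to break out of an attribute
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, combined log format
    '203.0.113.5 - - [10/Oct/2010:13:55:36 +0000] "GET /?author=%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2010:13:55:40 +0000] "GET /?tag=%2527%2522%253E%253Cscript%253E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2010:13:56:02 +0000] "GET /?cat=3,-7&gtlang=ja HTTP/1.1" 200 8044',
    '198.51.100.7 - - [10/Oct/2010:13:56:09 +0000] "GET /?s=global+translator HTTP/1.1" 200 6010',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded to `rounds`."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value, reason)] for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    findings = []
    # parse_qsl decodes one layer; fully_decode peels off any further layers.
    for name, raw in parse_qsl(urlsplit(match.group(1)).query):
        value = fully_decode(raw)
        if name in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+(,-?\d+)*", value):
            findings.append((name, value, "non-numeric value"))
        elif name in TEXT_PARAMS and MARKUP.search(value):
            findings.append((name, value, "HTML metacharacters"))
    return findings


if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        for name, value, reason in suspicious_params(line):
            print(f"line {number}: {name}={value!r} ({reason})")
```

A hit only shows that markup was sent in a parameter; whether the page echoed it back unescaped still has to be checked against the rendered HTML.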
