WordPress Audio Player Plugin XSS in SWF

# Exploit Title: WordPress Audio Player Plugin XSS in SWF
# Release Date: 31/01/13
# Author: hip [Insight-Labs]
# Contact: hip@insight-labs.org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.org/plugin/audio-player.
# Vendor Homepage: http://wpaudioplayer.com/
# Tested on: XPsp3
# Affected version: before
# Google Dork: inurl:/wp-content/plugins/audio-player/
# Introduction:
Audio Player is a highly configurable but simple mp3 player for all your audio needs.
# XSS — Proof Of Concept:

vulnerable path:
vulnerable parameter: playerID


- Vendor was notified on 23/01/2013
- Vendor released version on 30/01/2013, fixing the bug
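
To check whether the playerID parameter was probed on a site you run, the following added example (not part of the advisory or the plugin) scans access-log lines for requests to SWF files under the plugin directory whose playerID value, after repeated URL decoding, falls outside an allowlist. The allowlist pattern, the combined log format, the SWF file name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Plugin directory as named in the advisory; any .swf below it is in scope.
PLUGIN_DIR = "/wp-content/plugins/audio-player/"
# Assumption: legitimate playerID values are short plain identifiers.
SAFE_PLAYER_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Feb/2013:10:00:01 +0000] "GET /wp-content/plugins/audio-player/assets/example.swf?playerID=audioplayer_1 HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Feb/2013:10:00:02 +0000] "GET /wp-content/plugins/audio-player/assets/example.swf?playerID=a%3Cb%3E HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Feb/2013:10:00:03 +0000] "GET /wp-content/plugins/audio-player/assets/example.swf?playerID=a%253Cb%253E HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Feb/2013:10:00:04 +0000] "GET /index.php?playerID=a%3Cb%3E HTTP/1.1" 200 512',
]


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_player_ids(log_lines):
    """Return (line_number, decoded_value) for playerID values outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        path = fully_unquote(url.path).lower()
        if PLUGIN_DIR not in path or not path.endswith(".swf"):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_unquote(value)
            if name.lower() == "playerid" and not SAFE_PLAYER_ID.fullmatch(decoded):
                hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_player_ids(SAMPLE_LOG):
        print(f"line {number}: unexpected playerID {value!r}")
```
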

Comments (2 comments) on "WordPress Audio Player Plugin XSS in SWF"

  1. Yes, parting is always hard, but returning is sometimes even harder.
    (c) Erich Maria Remarque

  2. Hm… such things happen too.
