# Exploit Title: Wordpress video-player stored XSS
# Date: 2015/9/10
# Exploit Author: Amir.ght
# Vendor Homepage: https://wordpress.org/plugins/video-player/
# Software Link:
https://downloads.wordpress.org/plugin/video-player.zip
# Version: 1.0.6
# Tested on: windows 7 /FireFox
####################################################
#Exploit :
For Exploiting This Vulnerability You Should Install video-player Plugin
Add New Video Album And In "Player Name" feild Can Input Place Your JavaScript Code
For Execution Codes click on "Save Video Player" Button
####################################################################
Vulnerable File : /wp-content/plugins/Video-player/admin/video_player_func.php
Vulnerable code:
line 408 :
$wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."huge_it_video_players SET name = %s WHERE id = %d ", $_POST["album_name"], $id));
===============================================
For patch:
Replace Line 408 with :
$wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."huge_it_video_players SET name = %s WHERE id = %d ", htmlspecialchars($_POST["album_name"]), $id));