Wordpress video-player stored XSS

2015.09.14
Credit: Amir.ght
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Wordpress video-player stored XSS # Date: 2015/9/10 # Exploit Author: Amir.ght # Vendor Homepage: https://wordpress.org/plugins/video-player/ # Software Link: https://downloads.wordpress.org/plugin/video-player.zip # Version: 1.0.6 # Tested on: windows 7 /FireFox #################################################### #Exploit : For Exploiting This Vulnerability You Should Install video-player Plugin Add New Video Album And In "Player Name" feild Can Input Place Your JavaScript Code For Execution Codes click on "Save Video Player" Button #################################################################### Vulnerable File : /wp-content/plugins/Video-player/admin/video_player_func.php Vulnerable code: line 408 : $wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."huge_it_video_players SET name = %s WHERE id = %d ", $_POST["album_name"], $id)); =============================================== For patch: Replace Line 408 with : $wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."huge_it_video_players SET name = %s WHERE id = %d ", htmlspecialchars($_POST["album_name"]), $id));


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top