» » » » »

Wordpress Plugins - SlideDeck 2 <== XSS


##################################################
# Description : Wordpress Plugins - SlideDeck 2 <== XSS
# Version : -
# Date : 7/8/2013
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################

About:
SlideDeck 2 for WordPress is a responsive slider plugin that lets you easily create content
sliders out of almost any content. Connect to a variety of Content Sources like YouTube, Flickr,
WordPress posts and Pinterest to create gorgeous, dynamic sliders in a few clicks - no coding is required.

Vulnerabilities in the SlideDeck 2 plugin for WordPress,
which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are caused due to a bundled vulnerable version of ZeroClipboard.
Cross-Site Scripting vulnerabilities in ZeroClipboard(http://seclists.org/fulldisclosure/2013/Feb/103)
and in multiple web applications.

Affected products:
Vulnerable are all versions

Affected vendors:
SlideDeck 2
http://www.slidedeck.com / http://wordpress.org/plugins/slidedeck2/

Details:
Cross-Site Scripting (WASC-08):
XSS via id parameter and XSS via copying payload into clipboard

POC:
http://site/wp-content/plugins/slidedeck2/js/zeroclipboard/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height

Provided and/or discovered by:
Ryuzaki Lawlet / Fahmi Fisal @justryuz

Postingan terkait:

5 Comments , , , ,

5 Tanggapan untuk "Wordpress Plugins - SlideDeck 2 <== XSS"

  1. hamzaMay 25, 2021 at 7:51 AM

    Amazing blog
    WordPress Developer Brisbane

    ReplyDelete
  2. fatimashaikhOctober 22, 2021 at 12:07 AM

    athemeart.com Thanks for a very interesting blog. What else may I get that kind of info written in such a perfect approach? I’ve a undertaking that I am simply now operating on, and I have been at the look out for such info.

    ReplyDelete
  3. SarahOctober 30, 2021 at 2:05 AM

    This comment has been removed by the author.

    ReplyDelete
  4. SarahOctober 30, 2021 at 11:45 PM

    Search engine optimization administrations can undoubtedly cost between $5,000-$25,000, it can even be substantially more than this, contingent upon your necessities, however this is undeniably more economical and less expensive than other publicizing stages.토토사이트

    ReplyDelete
  5. Haroon bloggerFebruary 7, 2022 at 10:57 AM

    digital marketing services in lahore one stop solution for all your digital needs We understand the expectations of the businesses of today, thus providing efficient and reliable services that involve the latest trends in technology is our priority. Get Started Brands we work with Previous Next Our Expertise Website Design Your business’ website is the backbone of its internet-based presence.

    ReplyDelete

Subscribe to: Post Comments (Atom)