Wordpress Theme - SIPD <== XSS


##################################################
# Description : Wordpress Theme - SIPD <== XSS
# Version : 1
# Date : 7/8/2013
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################

The SIPD theme for WordPress contains vulnerabilities that can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerabilities are caused by a bundled vulnerable version of ZeroClipboard; see the Cross-Site Scripting vulnerabilities in ZeroClipboard
and in multiple web applications (http://seclists.org/fulldisclosure/2013/Feb/103).

Affected products:
All versions are vulnerable.

Affected vendors / author:
Swara Bhaskara

Details:
Cross-Site Scripting (WASC-08):
XSS via the id parameter and XSS via copying a payload into the clipboard

POC:
http://site/wp-content/themes/SIPD1/simda/TableTools/swf/ZeroClipboard.swf?id=\"))}catch(e){}if(!self.a)self.a=!alert(/XSS/)//&width&height
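
A detection helper written for this page (added example, not part of the original advisory): it flags web-server requests for ZeroClipboard.swf whose id parameter is not a plain identifier such as the default ZeroClipboardMovie_1, which is how the PoC above smuggles quotes, braces and parentheses into the Flash movie. The Common Log Format lines and the safe-id pattern are assumptions; tighten the pattern to the ids your deployment actually uses.

```python
"""Flag requests that abuse the ZeroClipboard.swf id parameter.

Added example for this advisory, not code from the theme or from ZeroClipboard.
Legitimate ids look like "ZeroClipboardMovie_<n>" (assumed default naming);
anything else in that parameter on that file deserves a second look.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a benign id is a short run of word characters or dashes.
SAFE_ID = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def is_suspicious_request(url: str) -> bool:
    """True when the request targets ZeroClipboard.swf and its id parameter
    contains anything beyond a plain identifier (parse_qs already decodes
    percent-encoding, so encoded payloads are inspected in clear)."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/zeroclipboard.swf"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(not SAFE_ID.match(value) for value in params.get("id", []))


def scan_access_log(lines):
    """Yield (line_no, request_url) for suspicious requests in Common Log
    Format lines; only the quoted request field is inspected."""
    req_re = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
    for n, line in enumerate(lines, 1):
        m = req_re.search(line)
        if m and is_suspicious_request(m.group(1)):
            yield n, m.group(1)


# Constructed sample log lines (not real traffic): a normal load of the
# movie, the advisory's PoC URL-encoded, and an unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [07/Aug/2013:10:01:02 +0000] "GET /wp-content/themes/SIPD1/simda/TableTools/swf/ZeroClipboard.swf?id=ZeroClipboardMovie_1&width=100&height=20 HTTP/1.1" 200 5123',
    '10.0.0.9 - - [07/Aug/2013:10:01:05 +0000] "GET /wp-content/themes/SIPD1/simda/TableTools/swf/ZeroClipboard.swf?id=%5C%22))%7Dcatch(e)%7B%7Dif(!self.a)self.a=!alert(/XSS/)//&width&height HTTP/1.1" 200 5123',
    '10.0.0.7 - - [07/Aug/2013:10:02:11 +0000] "GET /index.php?id=%22%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for n, url in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: suspicious ZeroClipboard request {url}")
```

Removing or upgrading the bundled ZeroClipboard.swf is the fix; this scan only tells you whether anyone has already been probing the file.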

Provided and/or discovered by:
Ryuzaki Lawlet / Fahmi Fisal @justryuz

1 response to "Wordpress Theme - SIPD <== XSS"

  1. Great post. It takes me almost half an hour to read the whole post. Definitely this is one of the informative and useful posts to me. Thanks for the share. I also provide this service, plz visit my site. Premium WordPress Themes: We provide premium and free WordPress themes and deliver 3+ new themes every month, so that you can easily satisfy clients' needs and keep your website looking fresh.
