[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Wordpress flash-album-gallery plugin Cross-Site Scripting
From: Henri Salo <henri () nerv ! fi>
Date: 2011-12-29 9:50:40
Message-ID: 20111229095040.GC17180 () foo ! fgeek ! fi
[Download RAW message or body]
On Wed, Nov 30, 2011 at 03:28:00PM +0000, Amir@irist.ir wrote:
> a bug in Wordpress flash-album-gallery plugin that allows to us to occur a \
> Cross-Site Scripting on a Remote machin.
>
>
>
> ######################################################################################################################
> # \
> # # Islamic Republic Of Iran Security Team \
> # # \
> # # http://irist.ir/forum/ \
> # # \
> # ######################################################################################################################
> # \
> # # Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities \
> # # \
> # # Download......: http://wordpress.org/extend/plugins/flash-album-gallery/ \
> # # \
> # # Exploit.......: \
> http://www.site.com/[path]/wp-content/plugins/flash-album-gallery/facebook.php?i=[xss] \
> # # \
> # # Google Search.: "Powered by Wordpress" \
> # # \
> # ######################################################################################################################
> # \
> # # Bug Found.....: IrIsT.Ir \
> # # \
> # # discovery.....: Am!r (IrIsT?) \
> # # \
> # # contact.......: Amir[at]IrIsT.ir \
> # # \
> # # SP TNX........: The-0utl4w & A.u.r.A & B3HZ4D & m3hdi & joker_s & all IrIsT And \
> Aria-security members # # \
> # # & Ashiyane.Org & black-hg.org & Aria-security.com & H4ckcity.Org & \
> sepehr-Team.Org & ajaxtm.com & All Iranian Team # # \
> # ######################################################################################################################
>
CVE-2011-4624 is assigned for this issue.
- Henri Salo
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic