We are closing registration and public forum view to Paid & Private in 16 days! CLICK HERE to register FREE.
 
Create an account  

For users privacy, our last domains: CarderHack.com and OmertaHack.net are moved to CardingTeam.ws

Deposit & Withdraw | About Verified Sellers and Escrow | Advertise | Scam Report | Tracking Number Details | ICQ: 717039384

carding forums carding forums
carding forums carding forums
carding forums Paid adv expire in 48 days
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
WordPress I Love It XSS / Content Spoofing / Path Disclosure

#1
The WordPress I Love It theme suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.

Hello list!

These are Cross-Site Scripting, Content Spoofing and Full path disclosure
vulnerabilities in I Love It theme for WordPress. This is commercial
(premium) theme.

-------------------------
Affected products:
-------------------------

All versions of I Love It theme for WordPress. The theme contains vulnerable
versions of Audio Player and GDD FLVPlayer.

-------------------------
Affected vendors:
-------------------------

CosmoThemes
CosmoThemes » Premium WordPress Themes

----------
Details:
----------

Cross-Site Scripting (WASC-08):

https://site/wp-content/themes/iloveit/lib/php/assets/player.swf?playerID=%22))}catch(e){alert(document. cookie)}//

Content Spoofing (WASC-12):

https://site/wp-content/themes/ilovei...dflvplayer.swf

There are 10 vulnerabilities in GDD FLVPlayer: 8 CS and 2 XSS. Which I
announced recently (??????????? ? GDD FLVPlayer - Websecurity - ??? ???????) and informed developers
of GDD FLVPlayer. These vulnerabilities will be disclosed later.

Full path disclosure (WASC-13):

https://site/wp-content/themes/iloveit/

There are FPD vulnerabilities in index.php and other php-files (in folder
and subfolders).

------------
Timeline:
------------

2013.05.24 - informed CosmoThemes about vulnerabilities in their I Love It
New theme.
2013.07.11 - disclosed at my site (XSS, CS ?? FPD ??????????? ? ???? I Love It ??? WordPress - Websecurity - ??? ???????).
2013.07.12 - informed developers about vulnerabilities in their I Love It
theme.
Reply
Paid adv. expire in 47 days
CLICK to buy Advertisement !

    Verified & Trusted HACKED Payza, PayPal, Ukash, Ucard, EgoPay, Skrill - TRANSFER [Escrow accepted]




Forum Jump: