oss-sec mailing list archives

CVE-request: Dewplayer issues
From: Henri Salo <henri () nerv fi>
Date: Mon, 30 Dec 2013 13:38:03 +0200

While verifying (lunch break) the dewplayer issues announced here
http://seclists.org/fulldisclosure/2013/Dec/209 I noticed that the same
component is also used with other plugins. Please notify me in case this list does
not care about WordPress plugin security overall as it can make our list less
readable. Only listing active (non-disabled) plugins.

Q: Do content spoofing issues normally get a CVE as the risk is probably

Assigning one CVE for a vulnerability in different software components e.g.
libraries used in WordPress plugins makes it very difficult to coordinate
updates with end-users. Examples:

I hope to get new CVEs for these issues below.

Plugin: flash-player-widget
Version tested: 1.3
Type: CAPEC-148: Content Spoofing
PoC: http://example.com/wp-content/plugins/flash-player-widget/dewplayer.swf?mp3=http://example.mp3
SHA1: 97a4b45212be83bf8dc5dd7a289a3decac7889ab

- No XSS vector by using ?xml=xss.xml
- No full path disclosure

Plugin: advanced-dewplayer
Version tested: 1.2
Type: CAPEC-148: Content Spoofing
PoC: http://example.com/wp-content/plugins/advanced-dewplayer/dewplayer.swf?mp3=http://example.mp3
SHA1: 2947cc06ab1bd6e8af2229511e6797f9709ca615 (same as
dewplayer-flash-mp3-player in the announcement)

- No XSS vector by using ?xml=xss.xml
- No full path disclosure

Also, in the process I noticed that there is an additional security vulnerability.
Details below.

Plugin: advanced-dewplayer
Version tested: 1.2
Type: Information Disclosure / CAPEC-118: Data Leakage Attacks
Impact: File wp-config.php contains database passwords, authentication
keys/salts etc. Does not need authentication.

General note: No time to make a proper analysis so there are probably more issues :)

Henri Salo

Attachment: signature.asc
Description: Digital signature
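
An added example, not part of the original message: a site owner can inventory a WordPress plugins directory for bundled copies of the component, matching on the two SHA1 values quoted above and, for builds not listed here, on the file name. The function names, the default `wp-content/plugins` path and the name-match fallback are assumptions of this sketch.

```python
import hashlib
import sys
from pathlib import Path

# SHA1 values quoted in the message above, with the plugin each was reported in.
KNOWN_DEWPLAYER_SHA1 = {
    "97a4b45212be83bf8dc5dd7a289a3decac7889ab": "flash-player-widget 1.3",
    "2947cc06ab1bd6e8af2229511e6797f9709ca615":
        "advanced-dewplayer 1.2 / dewplayer-flash-mp3-player",
}

def sha1_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_dewplayer_copies(plugins_dir, known=KNOWN_DEWPLAYER_SHA1):
    """Return one record per .swf that matches a known hash or is named *dewplayer*.

    The hash match catches renamed copies; the name match catches builds
    whose hash is not in the list.
    """
    root = Path(plugins_dir)
    findings = []
    for swf in sorted(root.rglob("*.swf")):
        if not swf.is_file():
            continue
        digest = sha1_of(swf)
        if digest not in known and "dewplayer" not in swf.name.lower():
            continue
        rel = swf.relative_to(root)
        findings.append({
            "plugin": rel.parts[0],   # first path component = plugin folder
            "file": rel.as_posix(),
            "sha1": digest,
            "match": known.get(digest, "unlisted build (name match only)"),
        })
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for item in find_dewplayer_copies(target):
        print(f'{item["plugin"]}\t{item["file"]}\t{item["sha1"]}\t{item["match"]}')
```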
