Posted 1 year ago #
Original post: http://www.securityfocus.com/archive/1/520691
What versions are affected? Is this valid advisory? Has this issue been fixed in some version?
"http://www.site.com/[path]/wp-content/plugins/flash-album-gallery/facebook.php?i=[xss]"
I am unable to reproduce.
fixed in v1.57
Posted 1 year ago #
So how did you verify this issue exists?
SCM URL: http://plugins.svn.wordpress.org/flash-album-gallery/trunk/changelog.txt
"""
GRAND FlAGallery
by Sergey Pasyuk & CodEasily DEV Team
= v1.57 - 01.12.2011 =
* Bugfix: Error when update from very old version
* Bugfix: xss vulnerability
* Updated: 3D FlatWall, 3D Cube and Afflux skins compatibility with GRAND Pages
= v1.56 - 23.11.2011 =
"""
I really don't understand how this was fixed or I did something wrong as these commands doesn't give any information:
diff flash-album-gallery-156/flagshow.php flash-album-gallery-trunk/flagshow.php (where 156 means 1.56)
diff flash-album-gallery-155/flagshow.php flash-album-gallery-trunk/flagshow.php
diff flash-album-gallery-155/lib/core.php flash-album-gallery-trunk/lib/core.php
Posted 1 year ago #
Could you please tell me how this was fixed as it is fixed says your changelog?
Posted 1 year ago #
I solved this: http://wordpress.org/support/topic/plugin-grand-flagallery-best-photo-media-gallery-another-xss-vulnerability-report-flagshowphppid and let's move conversation here.
1.5, 1.51 and 1.52 was tested with my friend to be vulnerable (Seriffi) for facebook.php. I don't know what mistake I made when I did test this.
I still don't understand how this flagshow.php-issue was fixed.
here is changelog for facebook.php: http://plugins.trac.wordpress.org/changeset/469785
and flagshow.php file is false-positive report... anyway I've changed it too: http://plugins.trac.wordpress.org/changeset/478702#file0
Posted 1 year ago #
This topic has been closed to new replies.
