XSS via plupload -> Moxie.swf (Support, Plugin: NextGEN Gallery - WordPress Gallery Plugin)

  • Hi,

    We have been notified via our bug bounty program ( https://tech.showmax.com/security/ && https://www.hackerone.com/showmax/ ) about a potential open-redirect in MoxiePlayer. I was able to replicate the issue on a Mac with the latest Firefox and Flash Player (tested on v4.7.5).

    Moxie is part of nextgen-gallery via plupload plugin. Path to file:

    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/plupload-2.1.1/Moxie.swf

    Attack vector looks like

    /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/plupload-2.1.1/Moxie.swf?target%g=alert&uid%g=pugs_are_great

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Imagely

    (@imagely)

    @krala – Thanks for the report, we would appreciate these details as a Bug Report here: https://imagely.com/report-bug/

    I’ll advise our developers immediately.

    – Cais.

    Cool, thank you. I was not able to find the bug reporting URL, to be honest.

    Plugin Author Imagely

    (@imagely)

    @krala – We’re working towards the most appropriate solution. We do recognize it is possible to exploit this particular vector, although we are also seeing that the underlying requirements to be able to exploit this would also open other attack vectors not related to NextGEN Gallery specifically.

    Thanks!

    – Cais.
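
A log check for the request pattern quoted in the original report, as an added example that is not part of the thread or of the plugin's code. The log lines are constructed, and matching parameter names by the prefixes `target` and `uid` is an assumption made here so that variants such as `target%g` are caught.

```python
import re
from urllib.parse import urlsplit, unquote

# Path of the bundled file as given in the report.
MOXIE = ("/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/"
         "nextgen_addgallery_page/static/plupload-2.1.1/Moxie.swf")

# Constructed sample access-log lines (documentation IP addresses, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2017:10:00:00 +0000] "GET ' + MOXIE
    + '?target%g=alert&uid%g=pugs_are_great HTTP/1.1" 200 29000',
    '203.0.113.8 - - [01/Jan/2017:10:00:05 +0000] "GET ' + MOXIE + ' HTTP/1.1" 200 29000',
    '203.0.113.9 - - [01/Jan/2017:10:00:09 +0000] "GET /wp-content/uploads/a.jpg?uid=7 HTTP/1.1" 200 100',
    '203.0.113.10 - - [01/Jan/2017:10:00:12 +0000] "GET /WP-CONTENT/x/moxie.SWF?TARGET=foo HTTP/1.1" 200 29000',
]

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+"')
WATCHED = ("target", "uid")  # parameter-name prefixes seen in the reported URL


def suspicious_params(url):
    """Return watched query-parameter names if the URL requests Moxie.swf, else []."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith("/moxie.swf"):
        return []
    names = []
    for pair in re.split(r"[&;]", parts.query):
        # Invalid escapes such as "%g" survive unquote(), so a prefix test is used.
        name = unquote(pair.split("=", 1)[0]).lower()
        if name.startswith(WATCHED):
            names.append(name)
    return names


def scan(lines):
    """Return (client_ip, parameter_names) for every log line worth reviewing."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                hits.append((line.split()[0], names))
    return hits


if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG):
        print(ip, names)
```
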
