Dear beloved customers, today we’re going to give you an important alert about a serious vulnerability that calls XSS (Cross Site Scripting) appearing in prettyPhoto - a plugin for creating slides of images, effects, gallery in Joomla and WordPress webpages.
How is XSS doing in prettyPhoto? Let come along with us to figure it out.
Using a dork: “inurl: / wp-content / plugins / prettyPhoto” to find out the vulnerable websites.
Next, “a document.write” is used to define XSS:
“URL/#prettyPhoto[gallery]/1, / ”
We can see that XSS causes dangerous problems: Denial of Service, redirects, cookies theft, alerts, html code injection...
Then we use “URL / # prettyPhoto [gallery] / 1, /” to get the second XSS, and this is the first serious stage a robbery of cookies, making as follows:
“URL / # prettyPhoto [gallery] / 1, /”
Because of the danger from XSS, WordPress themes, Joomla templates, or other extensions, plugins, documentation which are in version 3.1.5 of prettyPhoto are required to update version 3.1.6 as soon as possible. The vulnerability is fixed in prettyPhoto version 3.1.6.
By updating the version 3.1.6, it will help you to protect your website and you don’t have to worry about the dangers anymore. And just share this post to let other people know!
Thanks all guy for reading the article!
Le Nhung is a supporter and blogger in Templaza.
She loves music, books and travel.
Being a member of Templaza is a fantastic experience to her.
She will try herself to contribute more and more to this lovely team.