
WordPress 3.9.1 – Page Persistent XSS

wordpress admin 1806 views 0 comments
# Exploit Title: WordPress version 3.9.1 “Add an About page” persistent XSS.
# Date: 21/06/14
# Exploit Author: VipVince
# Vendor Homepage: http://wordpress.org/
# Software Link: http://wordpress.org/wordpress-3.9.1.zip
# Version: 3.9.1
# Tested on: Windows
More input bugs on this version of WordPress, what were they thinking?
Exploit:
Log into the Admin CP.
Go to the Dashboard
Click “Add an About page”.
In the “Enter title here” form, add your vector: <script>alert(1)</script>
Click “Publish”.
You will then see “Page published. View page”
Click “View page”.
It will take you to a link like below:
http://wordpress_domain/?page_id=19
You will get your persistent XSS pop up.
Happy bug hunting. Tsk tsk WordPress.
My own test process was as follows:
1. Go to the admin backend and click “Pages” -> “Add New”.
2. Set the title of the new page to the cross-site scripting code; the content can be anything.

For example, set the title to:

<script>alert(1)</script>


3. Save the page, then visit the page's permalink to see the XSS code fire. For example, visiting the page I created: http://www.jinglingshu.org/?page_id=7243
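You can see that the XSS code has fired. Of course, if the theme you chose displays page titles on the home page, the XSS code also fires when the home page is visited. The theme I use, for example, shows page titles at the top, so the XSS code fires on every page I visit.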
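PS: This XSS vulnerability is not very useful, though, because only the “Editor” and “Administrator” user roles can modify pages. So the vulnerability can only be exploited with Editor privileges.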
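As an added example (not part of the original post or the quoted advisory), the following Python script audits stored titles for markup such as the vector above and returns the HTML-escaped form a template should emit. The row layout, the sample data and the function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed rows shaped like (ID, post_type, post_title); not from a real site.
SAMPLE_ROWS = [
    (2, "page", "Sample Page"),
    (19, "page", "<script>alert(1)</script>"),
    (21, "page", "Q&A: 3 < 5"),
    (23, "page", "About <b>us</b>"),
    (30, "post", "<script>alert(1)</script>"),
]

# Elements that load or run content on their own (illustrative, not exhaustive).
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "style", "link", "meta"}


class TagCollector(HTMLParser):
    """Collects the element names and on* attributes a raw title would create."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def classify_title(title):
    """Return 'clean', 'markup' (inert tags) or 'active' (script-capable)."""
    parser = TagCollector()
    parser.feed(title)
    parser.close()
    if parser.handlers or ACTIVE_TAGS & set(parser.tags):
        return "active"
    return "markup" if parser.tags else "clean"


def audit_titles(rows, post_types=("page",)):
    """Flag titles that carry markup and show how they look once HTML-escaped."""
    findings = []
    for post_id, post_type, title in rows:
        verdict = classify_title(title)
        if post_type in post_types and verdict != "clean":
            findings.append((post_id, verdict, html.escape(title)))
    return findings


if __name__ == "__main__":
    for post_id, verdict, escaped in audit_titles(SAMPLE_ROWS):
        print(f"page_id={post_id} {verdict:6} render as: {escaped}")
```

In a WordPress theme, the corresponding output escaping is to wrap the title in `esc_html()` wherever the template prints it.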
