WordPress跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114208 漏洞类型 跨站脚本
发布时间 2008-01-03 更新时间 2008-09-05
CVE编号 CVE-2008-0193 CNNVD-ID CNNVD-200801-128
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/30979
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200801-128
|漏洞详情
WordPress是一套用于艺术类的Web出版发布系统。WordPress2.0.11和更早版本,以及可能从2.1.x到2.3.x版本下的wp-db-backup.php中的的跨站脚本漏洞允许远程攻击者借助wp-db-backup.php到wp-admin/edit操作中的backup参数来注入任意的Web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/27123/info
  
WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
  
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.


http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cscript%3Ealert(document.cookie)%3C/script%3E
|参考资料

来源:BID
名称:27123
链接:http://www.securityfocus.com/bid/27123
来源:BUGTRAQ
名称:20080103securityvulns.comrussianvulnerabilitiesdigest
链接:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
来源:MISC
链接:http://websecurity.com.ua/1676/
来源:MISC
链接:http://securityvulns.ru/Sdocument755.html
来源:FULLDISC
名称:20080103securityvulns.comrussianvulnerabilitiesdigest
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
来源:DEBIAN
名称:DSA-1502
链接:http://www.debian.org/security/2008/dsa-1502
来源:SREASON
名称:3539
链接:http://securityreason.com/securityalert/3539
来源:SECUNIA
名称:29014
链接:http://secunia.com/advisories/29014