WordPress Featurific For WordPress Plugin 'snum' Parameter Cross-Site Scripting Vulnerability

Vulnerability ID: 1120643
Vulnerability type: Cross-site scripting
Published: 2011-11-23
Updated: 2013-02-14
CVE ID: CVE-2011-5265
CNNVD-ID: CNNVD-201111-411
Platform: PHP
CVSS score: 4.3
|Vulnerability Source
https://www.exploit-db.com/exploits/36339
https://www.securityfocus.com/bid/50779
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201111-411
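|Vulnerability Details
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress. Remote attackers can exploit it through the snum parameter to inject arbitrary web script or HTML.
|Exploit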
source: http://www.securityfocus.com/bid/50779/info

Featurific For WordPress plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Featurific For WordPress 1.6.2 is vulnerable; other versions may also be affected.

UPDATE April 18, 2012: Further reports indicate this issue may not be a vulnerability; the issue can not be exploited as described. 

http://www.example.com/[path]/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=[xss]
|Affected Products
rinogo Featurific For WordPress 1.6.2
|References

Source: XF
Name: featurific-snum-xss(71468)
Link: http://xforce.iss.net/xforce/xfdb/71468
Source: BID
Name: 50779
Link: http://www.securityfocus.com/bid/50779
Source: BUGTRAQ
Name: 20111123 Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/520625/100/0/threaded
Source: OSVDB
Name: 77337
Link: http://osvdb.org/77337
Source: BUGTRAQ
Name: 20120417 Re: Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities
Link: http://archives.neohapsis.com/archives/bugtraq/2012-04/0120.html