WordPress 'sidebar.php' Cross-Site Scripting Vulnerability

Vulnerability ID: 1190636
Vulnerability type: Cross-site scripting
Published: 2007-05-11
Updated: 2007-05-11
CVE ID: CVE-2007-2627
CNNVD-ID: CNNVD-200705-200
Platform: N/A
CVSS score: 6.8
|Vulnerability sources
https://www.securityfocus.com/bid/81785
https://cxsecurity.com/issue/WLB-2007050048
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-200
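|Vulnerability details
A cross-site scripting vulnerability exists in sidebar.php in WordPress. When a custom 404 page that calls get_sidebar is used, a remote attacker can inject arbitrary web script or HTML via the query string. This vulnerability is different from CVE-2007-1622.
|Vulnerability exploit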
Advisory by Jose Carlos Norte

WordPress is vulnerable to XSS attacks when custom 404 pages are used by the template.

The problem (sidebar.php):

<form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">

If the WordPress template uses custom 404 pages, like:

<?php get_header(); ?>

<div id="content" class="narrowcolumn">

<h2 class="center">Error 404 - Not Found</h2>

</div>

<?php get_sidebar(); ?>

$_SERVER['PHP_SELF']; can contain special characters to break out of the HTML and perform XSS attacks, for example:

http://www.example.com/index.php/"><script>alert(document.cookie)</script>

If no custom 404 page is set by the WordPress theme, this attack is not possible.
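
The pattern described in the advisory above, next to two hardened forms, as an added example that is not part of the original advisory and is not WordPress code. The function names and the `$server` array are hypothetical, and the sample value is constructed from the advisory's example URL.

```php
<?php
// Added example: not WordPress code. Function names are hypothetical.

// Pattern from the advisory: PHP_SELF (script name plus any trailing path
// info from the URL) is written into the attribute without encoding.
function search_form_vulnerable(array $server): string
{
    return '<form method="get" id="searchform" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode the value for an HTML attribute before output.
function search_form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $action . '">';
}

// Hardened: reflect nothing from the request; submit to a fixed site path.
function search_form_fixed(string $sitePath = '/'): string
{
    $action = htmlspecialchars($sitePath, ENT_QUOTES, 'UTF-8');
    return '<form method="get" id="searchform" action="' . $action . '">';
}

// True when the rendered markup contains a raw <script tag, i.e. the request
// value closed the attribute and became markup.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed request value with the same shape as the advisory's example URL.
$server = ['PHP_SELF' => '/index.php/"><script>alert(document.cookie)</script>'];

$forms = [
    'vulnerable' => search_form_vulnerable($server),
    'escaped'    => search_form_escaped($server),
    'fixed'      => search_form_fixed(),
];

foreach ($forms as $label => $html) {
    printf("%-10s raw script tag: %s\n  %s\n", $label, contains_raw_script($html) ? 'yes' : 'no', $html);
}
```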
|Affected products
WordPress WordPress 3.3
|References

Source: BUGTRAQ
Name: 20070502WordpressAllversionsXSS
Link: http://www.securityfocus.com/archive/1/archive/1/467360/100/0/threaded
Source: SREASON
Name: 2694
Link: http://securityreason.com/securityalert/2694