Source: 自学PHP网 (www.zixuephp.com)  Date: 2015-04-17 10:16
=======================
Title
=====
Quick Contact Form - Persistent Cross Site Scripting Vulnerability

Author
======
Zy0d0x

Developer
=========
Quick Plugins - http://quick-plugins.com/

Affected Products
=================
Quick Contact Form WordPress Plugin, version 6.0 and possibly earlier

Vulnerability Class
===================
Cross-Site Scripting

Description
===========
Quick Contact Form suffers from a persistent (stored) cross-site scripting vulnerability due to a lack of input validation and output sanitization of the qcfname4 parameter: a message submitted through the public contact form is stored and later rendered, unencoded, in the WordPress dashboard. Other input fields are also vulnerable to reflected cross-site scripting.

Proof of Concept
================
Enter the following into the field where Quick Contact Form requests a Message:

--- SNIP ---
"><script>alert(String.fromCharCode(90,121,48,100,48,120))</script><
--- SNIP ---

If the message is sent successfully, an alert dialog containing "Zy0d0x" appears when a user views the message in the dashboard. (The String.fromCharCode call simply spells out "Zy0d0x" without quotes, so the payload survives naive quote filtering.)

Impact
======
Because the payload executes in the browser of whoever opens the message in the dashboard, i.e. a logged-in WordPress user, an attacker could hijack that user's session authentication tokens and use the resulting access to attack the underlying software and operating system of the victim.

Severity
========
High

Status
======
Fixed in version 6.1.
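The following is an added example, not the plugin's source or the advisory author's code. It models how a stored contact-form field reaches the dashboard HTML and puts the vulnerable rendering beside the hardened one. The function names (qcf_render_message_row_vulnerable, qcf_render_message_row_safe, qcf_escape, contains_live_script) and the row layout are assumptions for illustration; only the qcfname4 parameter name and the proof-of-concept payload come from the advisory.

```php
<?php
// Added example, not the plugin's own code. Models a stored contact-form
// message being rendered in the WordPress admin message list. The row layout
// and function names are assumptions; qcfname4 and the payload come from the
// advisory.

// Proof-of-concept payload from the advisory (constructed input).
// String.fromCharCode(90,121,48,100,48,120) evaluates to "Zy0d0x".
$payload = '"><script>alert(String.fromCharCode(90,121,48,100,48,120))</script><';

// The message as it would sit in the database after the form is submitted.
$stored = [
    'from'     => 'attacker@example.invalid',   // constructed sample value
    'qcfname4' => $payload,
];

// VULNERABLE: the stored field is interpolated straight into HTML. The
// leading "> closes the attribute and the <input> tag, so the browser
// parses the attacker's <script> when an admin opens the list.
function qcf_render_message_row_vulnerable(array $row): string
{
    return '<tr><td>' . $row['from'] . '</td>'
         . '<td><input type="text" value="' . $row['qcfname4'] . '"></td></tr>';
}

// HARDENED: encode for the HTML context at output time, regardless of what
// was accepted on input. Inside WordPress this is esc_html() for text nodes
// and esc_attr() for attribute values; outside WordPress, htmlspecialchars()
// with ENT_QUOTES and an explicit charset gives the same effect.
function qcf_escape(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function qcf_render_message_row_safe(array $row): string
{
    return '<tr><td>' . qcf_escape($row['from']) . '</td>'
         . '<td><input type="text" value="' . qcf_escape($row['qcfname4']) . '"></td></tr>';
}

// Regression check: a live <script tag must never survive into the
// rendered row. After escaping, the payload appears as &lt;script&gt;.
function contains_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo "vulnerable: ", qcf_render_message_row_vulnerable($stored), PHP_EOL;
echo "safe:       ", qcf_render_message_row_safe($stored), PHP_EOL;
echo "vulnerable contains live <script>: ",
     var_export(contains_live_script(qcf_render_message_row_vulnerable($stored)), true), PHP_EOL;
echo "safe contains live <script>:       ",
     var_export(contains_live_script(qcf_render_message_row_safe($stored)), true), PHP_EOL;
```

Run it with `php example.php`. The point of the pairing is that the fix belongs at the output site, not only at the form: stripping `<script>` on submission would still leave the `">` attribute break-out and any other tag or event handler intact, whereas context-correct encoding at render time neutralises every variant of the payload at once. Sites running Quick Contact Form should confirm the installed plugin version is 6.1 or later, where the advisory reports the issue fixed.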