记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)

2017-07-07 18:40

WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)

WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)

Description

Version 12.0.9 and below of the WP Statistics WordPress Plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting (XSS).The 'rangestart' and 'rangeend' GET parameter on page wps_referrers_page is output without validated, sanitised or output encoded. This leads to Authenticated Reflected Cross-Site Scripting (XSS), which could allow attackers to compromise a WordPress application by tricking an authenticated administrator user into clicking on a specially crafted link.

Technical Description:

file /includes/log/top-referring.php line 18-30, the $_GET['rangestart'] and $_GET['rangeend'] in $date_args variable.

file /includes/log/top-referring.php line 86, the date_args variable is output in the PHP echo() function

Proof of Concept (PoC)

Click on the following link in the Firefox browser:

1
http://mywordpress.com/wp-admin/admin.php?page=wps_referrers_page&rangeend=123123"><script>alert(1)</script><a a="

image.png-80kB


知识来源: lorexxar.cn/2017/07/07/WordPress WP Statistics authenticated xss Vulnerability(WP Statistics -=12.0.9)/

阅读:129576 | 评论:0 | 标签:xss

想收藏或者和大家分享这篇好文章→复制链接地址

“WordPress WP Statistics authenticated xss Vulnerability(WP Statistics <=12.0.9)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

ADS

标签云

本页关键词