测试方法:

提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
    1. Advisory ID: HTB23162
    2. Product:DuplicatorWordPressPlugin
    3. Vendor:LifeInTheGrid
    4. VulnerableVersion(s):0.4.4and probably prior
    5. TestedVersion:0.4.4
    6. VendorNotification:June19,2013
    7. VendorPatch:July21,2013
    8. PublicDisclosure:July24,2013
    9. VulnerabilityType:Cross-SiteScripting[CWE-79]
    10. CVE Reference: CVE-2013-4625
    11. RiskLevel:Low
    12. CVSSv2BaseScore:2.6(AV:N/AC:H/Au:N/C:N/I:P/A:N)
    13. SolutionStatus:FixedbyVendor
    14. DiscoveredandProvided:High-TechBridgeSecurityResearchLab( https://www.htbridge.com/advisory/ )
    15. -----------------------------------------------------------------------------------------------
    16. AdvisoryDetails:
    17. High-TechBridgeSecurityResearchLab discovered XSS vulnerability inDuplicatorWordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
    18. 1)Cross-SiteScripting(XSS)inDuplicatorWordPressPlugin: CVE-2013-4625
    19. The vulnerability exists due to insufficient filtration of user-supplied data in"package" HTTP GET parameter passed to "/wp-content/plugins/duplicator/files/installer.cleanup.php" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
    20. The exploitation example below uses the "alert()"JavaScriptfunction to display administrator's cookies:
    21. http://[host]/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    22. -----------------------------------------------------------------------------------------------
    23. Solution:
    24. Upgrade to Duplicator 0.4.5
    25. More Information:
    26. http://support.lifeinthegrid.com/knowledgebase.php?article=20
    27. -----------------------------------------------------------------------------------------------
    28. References:
    29. [1] High-Tech Bridge Advisory HTB23162 - https://www.htbridge.com/advisory/HTB23162 - Cross-Site Scripting (XSS) in Duplicator WordPress Plugin.
    30. [2] Duplicator WordPress Plugin - http://lifeinthegrid.com/labs/duplicator/ - This free plugin available at wordpress.org is a powerful tool you can use to rapidly clone and deploy any WordPress site.
    31. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
    32. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

WordPress Duplicator 0.4.4 Cross Site Scripting的更多相关文章

  1. Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting

    Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scriptin ...

  2. XSS (Cross Site Scripting) Prevention Cheat Sheet(XSS防护检查单)

    本文是 XSS防御检查单的翻译版本 https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sh ...

  3. XSS 跨站脚本攻击(Cross Site Scripting)

    xss表示Cross Site Scripting(跨站脚本攻击),它与SQL注入攻击类似,SQL注入攻击中以SQL语句作为用户输入,从而达到查询/修改/删除数据的目的,而在xss攻击中,通过插入恶意 ...

  4. 跨站脚本攻击XXS(Cross Site Scripting)修复方案

    今天突然发现,网站被主页莫名奇妙的出现了陌生的广告. 通过排查发现是跨站脚本攻击XXS(Cross Site Scripting).以下为解决方案. 漏洞类型: Cross Site Scriptin ...

  5. WebGoat学习——跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是指攻击者向被攻击Web 页面里插入恶意html代码,当用户浏览该页之时 ...

  6. 跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) 跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是 ...

  7. Web安全之XSS(Cross Site Scripting)深入理解

    XSS的含义 XSS(Cross Site Scripting)即跨站脚本.跨站的主要内容是在脚本上. 跨站脚本 跨站脚本的跨,体现了浏览器的特性,可以跨域.所以也就给远程代码或者第三方域上的代码提供 ...

  8. DVWA 黑客攻防演练(十)反射型 XSS 攻击 Reflected Cross Site Scripting

    XSS (Cross-site scripting) 攻击,为和 CSS 有所区分,所以叫 XSS.又是一种防不胜防的攻击,应该算是一种 "HTML注入攻击",原本开发者想的是显示 ...

  9. DVWA 黑客攻防演练(十二) DOM型 XSS 攻击 DOM Based Cross Site Scripting

    反射型攻击那篇提及到,如何是"数据是否保存在服务器端"来区分,DOM 型 XSS 攻击应该算是 反射型XSS 攻击. DOM 型攻击的特殊之处在于它是利用 JS 的 documen ...

随机推荐

  1. ssh登录很慢解决方法

    使用ssh客户端(如:putty)连接Linux服务器,可能会等待10-30秒才有提示输入密码.严重影响工作效率.登录很慢,登录上去后速度正常,这种情况主要有两种可能的原因: 1. DNS反向解析问题 ...

  2. 使用WebSocket构建实时WEB

    为了防止无良网站的爬虫抓取文章,特此标识,转载请注明文章出处.LaplaceDemon/SJQ. http://www.cnblogs.com/shijiaqi1066/p/3795075.html ...

  3. 11.2 morning

    noip模拟题day1——棋盘上的问题 day1模拟题 By FancyCoder总览(Overview)注意事项:共3道题目,时间2.5小时.Pascal选手允许使用math库和ansistring ...

  4. Java_Activiti5_菜鸟也来学Activiti5工作流_之初识BPMN2.0的简单结构(五)

    <?xml version="1.0" encoding="UTF-8"?> <definitions xmlns="http:// ...

  5. Java-Android 之电话拨号源码

    file:///F:/workspace3/Android_ver2.4/src/cn/szy/com/MainActivity.java package cn.szy.com; import and ...

  6. Android 巧妙实现图片和文字上下布局或者左右布局

    最近去了一家新公司,然后开始做新的项目,看其代码发现了一个很巧妙的方法来实现图片在上面文字在下面的布局方式.只需要一个控件——RadioButton. 布局文件很简单,用来展示RadioBUtton的 ...

  7. android入门系列- TextView EditText Button ImageView 的简单应用

    第一篇原创,其实自己就是一菜鸟,简单分享点基本知识吧.希望能有所帮助吧. TextView EditText Button ImageView 这几个控件可能是Android开发中最常用.最基本的几个 ...

  8. c# 连接oracle 读取数据

    using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; usin ...

  9. JS 通过系统时间限定 动态添加 select option

    虽然是个简单的效果,还是需要积累一下,记录一下: 在八月一号之后,删除最后一项,新添加2016级 — — 2015级 2014级 2013级 2012级 在六月一号之后,删除最后一项,新添加2016级 ...

  10. SGU 111.Very simple problem

    题目大意:              求平方不大于n(n<=10^1000)的最大的数. 分析:              二分+高精度乘法 或者 高精度开方...               ...