测试方法:

提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
    1. Advisory ID: HTB23162
    2. Product:DuplicatorWordPressPlugin
    3. Vendor:LifeInTheGrid
    4. VulnerableVersion(s):0.4.4and probably prior
    5. TestedVersion:0.4.4
    6. VendorNotification:June19,2013
    7. VendorPatch:July21,2013
    8. PublicDisclosure:July24,2013
    9. VulnerabilityType:Cross-SiteScripting[CWE-79]
    10. CVE Reference: CVE-2013-4625
    11. RiskLevel:Low
    12. CVSSv2BaseScore:2.6(AV:N/AC:H/Au:N/C:N/I:P/A:N)
    13. SolutionStatus:FixedbyVendor
    14. DiscoveredandProvided:High-TechBridgeSecurityResearchLab( https://www.htbridge.com/advisory/ )
    15. -----------------------------------------------------------------------------------------------
    16. AdvisoryDetails:
    17. High-TechBridgeSecurityResearchLab discovered XSS vulnerability inDuplicatorWordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
    18. 1)Cross-SiteScripting(XSS)inDuplicatorWordPressPlugin: CVE-2013-4625
    19. The vulnerability exists due to insufficient filtration of user-supplied data in"package" HTTP GET parameter passed to "/wp-content/plugins/duplicator/files/installer.cleanup.php" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
    20. The exploitation example below uses the "alert()"JavaScriptfunction to display administrator's cookies:
    21. http://[host]/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    22. -----------------------------------------------------------------------------------------------
    23. Solution:
    24. Upgrade to Duplicator 0.4.5
    25. More Information:
    26. http://support.lifeinthegrid.com/knowledgebase.php?article=20
    27. -----------------------------------------------------------------------------------------------
    28. References:
    29. [1] High-Tech Bridge Advisory HTB23162 - https://www.htbridge.com/advisory/HTB23162 - Cross-Site Scripting (XSS) in Duplicator WordPress Plugin.
    30. [2] Duplicator WordPress Plugin - http://lifeinthegrid.com/labs/duplicator/ - This free plugin available at wordpress.org is a powerful tool you can use to rapidly clone and deploy any WordPress site.
    31. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
    32. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

WordPress Duplicator 0.4.4 Cross Site Scripting的更多相关文章

  1. Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting

    Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scriptin ...

  2. XSS (Cross Site Scripting) Prevention Cheat Sheet(XSS防护检查单)

    本文是 XSS防御检查单的翻译版本 https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sh ...

  3. XSS 跨站脚本攻击(Cross Site Scripting)

    xss表示Cross Site Scripting(跨站脚本攻击),它与SQL注入攻击类似,SQL注入攻击中以SQL语句作为用户输入,从而达到查询/修改/删除数据的目的,而在xss攻击中,通过插入恶意 ...

  4. 跨站脚本攻击XXS(Cross Site Scripting)修复方案

    今天突然发现,网站被主页莫名奇妙的出现了陌生的广告. 通过排查发现是跨站脚本攻击XXS(Cross Site Scripting).以下为解决方案. 漏洞类型: Cross Site Scriptin ...

  5. WebGoat学习——跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是指攻击者向被攻击Web 页面里插入恶意html代码,当用户浏览该页之时 ...

  6. 跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) 跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是 ...

  7. Web安全之XSS(Cross Site Scripting)深入理解

    XSS的含义 XSS(Cross Site Scripting)即跨站脚本.跨站的主要内容是在脚本上. 跨站脚本 跨站脚本的跨,体现了浏览器的特性,可以跨域.所以也就给远程代码或者第三方域上的代码提供 ...

  8. DVWA 黑客攻防演练(十)反射型 XSS 攻击 Reflected Cross Site Scripting

    XSS (Cross-site scripting) 攻击,为和 CSS 有所区分,所以叫 XSS.又是一种防不胜防的攻击,应该算是一种 "HTML注入攻击",原本开发者想的是显示 ...

  9. DVWA 黑客攻防演练(十二) DOM型 XSS 攻击 DOM Based Cross Site Scripting

    反射型攻击那篇提及到,如何是"数据是否保存在服务器端"来区分,DOM 型 XSS 攻击应该算是 反射型XSS 攻击. DOM 型攻击的特殊之处在于它是利用 JS 的 documen ...

随机推荐

  1. [转] Creating a Simple RESTful Web App with Node.js, Express, and MongoDB

    You can find/fork the sample project on GitHub Hey! This and all my other tutorials will soon be mov ...

  2. GOOGLE搜索從入門到精通V4.0

    1,前言2,摘要3,如何使用本文4,Google簡介5,搜索入門6,初階搜索 6.1,搜索結果要求包含兩個及兩個以上關鍵字 6.2,搜索結果要求不包含某些特定資訊 6.3,搜索結果至少包含多個關鍵字中 ...

  3. HTML select 操作

    今天遇到一个问题,就是想设置select的默认选择项.但是试了很多方法都不行: <fieldset data-role="contractstatus"> <la ...

  4. 文档对象模型操作xml文档

    简介 :文档对象模型(DOM)是一种用于处理xml文档的API函数集. 2.1文档对象模型概述 按照W3C的定义,DOM是“一种允许程序或脚本动态地访问更新文档内容,结构和样式的.独立于平台和语言的规 ...

  5. Java集群之session共享解决方案

    随着互联网的日益壮大,网站的pv和uv成线性或者指数倍的增加.单服务器单数据库早已经不能满足实际需求.比如像盛大,淘宝这样的大型网络公司,更是如此.     集群,也就是让一组计算机服务器协同工作,达 ...

  6. html 新元素

    html5新元素 html5语义元素 <header> 定义了文档或者文档的一部分区域的页眉 <nav> 定义了导航链接的部分 <section> 定义了文档的某个 ...

  7. producer怎样发送消息到指定的partitions

    http://www.aboutyun.com/thread-9906-1-1.html http://my.oschina.net/u/591402/blog/152837 https://gith ...

  8. ORACLE解锁数据库用户

    the account is locked解决办法: 1.进入sqlplus sqlplus "/as sysdba" 2.解锁: alter user hpmng account ...

  9. Sql server 数据库中,纯SQL语句查询、执行 单引号问题。

    在默认值情况下, select 'abc',Titile from tb_Name;  ---输出内容 是abc: 如果想输出 单引号 'abc,需要使用select '''abc',Titile f ...

  10. c++ Cout 输出格式

    控制符是在头文件iomanip.h中定义的对象.使用前必须把iomanip.h包含进来 1. I/O的书写格式 I/0流是输入或输出的一系列字节,当程序需要在屏幕上显示输出时,可以使用插入操作符“&l ...