测试方法:

提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
    1. Advisory ID: HTB23162
    2. Product:DuplicatorWordPressPlugin
    3. Vendor:LifeInTheGrid
    4. VulnerableVersion(s):0.4.4and probably prior
    5. TestedVersion:0.4.4
    6. VendorNotification:June19,2013
    7. VendorPatch:July21,2013
    8. PublicDisclosure:July24,2013
    9. VulnerabilityType:Cross-SiteScripting[CWE-79]
    10. CVE Reference: CVE-2013-4625
    11. RiskLevel:Low
    12. CVSSv2BaseScore:2.6(AV:N/AC:H/Au:N/C:N/I:P/A:N)
    13. SolutionStatus:FixedbyVendor
    14. DiscoveredandProvided:High-TechBridgeSecurityResearchLab( https://www.htbridge.com/advisory/ )
    15. -----------------------------------------------------------------------------------------------
    16. AdvisoryDetails:
    17. High-TechBridgeSecurityResearchLab discovered XSS vulnerability inDuplicatorWordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
    18. 1)Cross-SiteScripting(XSS)inDuplicatorWordPressPlugin: CVE-2013-4625
    19. The vulnerability exists due to insufficient filtration of user-supplied data in"package" HTTP GET parameter passed to "/wp-content/plugins/duplicator/files/installer.cleanup.php" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
    20. The exploitation example below uses the "alert()"JavaScriptfunction to display administrator's cookies:
    21. http://[host]/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    22. -----------------------------------------------------------------------------------------------
    23. Solution:
    24. Upgrade to Duplicator 0.4.5
    25. More Information:
    26. http://support.lifeinthegrid.com/knowledgebase.php?article=20
    27. -----------------------------------------------------------------------------------------------
    28. References:
    29. [1] High-Tech Bridge Advisory HTB23162 - https://www.htbridge.com/advisory/HTB23162 - Cross-Site Scripting (XSS) in Duplicator WordPress Plugin.
    30. [2] Duplicator WordPress Plugin - http://lifeinthegrid.com/labs/duplicator/ - This free plugin available at wordpress.org is a powerful tool you can use to rapidly clone and deploy any WordPress site.
    31. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
    32. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

WordPress Duplicator 0.4.4 Cross Site Scripting的更多相关文章

  1. Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting

    Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scriptin ...

  2. XSS (Cross Site Scripting) Prevention Cheat Sheet(XSS防护检查单)

    本文是 XSS防御检查单的翻译版本 https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sh ...

  3. XSS 跨站脚本攻击(Cross Site Scripting)

    xss表示Cross Site Scripting(跨站脚本攻击),它与SQL注入攻击类似,SQL注入攻击中以SQL语句作为用户输入,从而达到查询/修改/删除数据的目的,而在xss攻击中,通过插入恶意 ...

  4. 跨站脚本攻击XXS(Cross Site Scripting)修复方案

    今天突然发现,网站被主页莫名奇妙的出现了陌生的广告. 通过排查发现是跨站脚本攻击XXS(Cross Site Scripting).以下为解决方案. 漏洞类型: Cross Site Scriptin ...

  5. WebGoat学习——跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是指攻击者向被攻击Web 页面里插入恶意html代码,当用户浏览该页之时 ...

  6. 跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) 跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是 ...

  7. Web安全之XSS(Cross Site Scripting)深入理解

    XSS的含义 XSS(Cross Site Scripting)即跨站脚本.跨站的主要内容是在脚本上. 跨站脚本 跨站脚本的跨,体现了浏览器的特性,可以跨域.所以也就给远程代码或者第三方域上的代码提供 ...

  8. DVWA 黑客攻防演练(十)反射型 XSS 攻击 Reflected Cross Site Scripting

    XSS (Cross-site scripting) 攻击,为和 CSS 有所区分,所以叫 XSS.又是一种防不胜防的攻击,应该算是一种 "HTML注入攻击",原本开发者想的是显示 ...

  9. DVWA 黑客攻防演练(十二) DOM型 XSS 攻击 DOM Based Cross Site Scripting

    反射型攻击那篇提及到,如何是"数据是否保存在服务器端"来区分,DOM 型 XSS 攻击应该算是 反射型XSS 攻击. DOM 型攻击的特殊之处在于它是利用 JS 的 documen ...

随机推荐

  1. xslt语法之---运算符号

      <xsl:param name="count">12</xsl:param > <xsl:template match="/" ...

  2. oracle的安装与plsql的环境配置

    1,首先得有oracle的安装包和plsql的安装包,安装包地址可见百度云 http://pan.baidu.com/s/1miTqhmg 2.解压下来进入0817账套,找到set.exe文件,双击安 ...

  3. Java使用poi对Execl简单_读_操作

    public class ReadExecl { // private final String XLSX = ".xlsx"; // 2007以上版本 // private fi ...

  4. HTML5 WebAudioAPI简介(一)

    一.常用对象 1.AudioContext对象 AudioContext是一个专门用于音频处理的接口,并且原理是讲AudioContext创建出来的各种节点(AudioNode)相互连接,音频数据流经 ...

  5. [转载]CentOS6.4+Mono3.0.7+Jexus5.2.5

    本文章来自互联网,但是本人已经在VM虚拟机里面测试成功,所以分享给大家 1.更新 yum -y update 2.安装Mono源码安装需要的库 yum -y install gcc gcc-c++ a ...

  6. Linux系统swap已分区但无法挂载与cryptswap1问题

    linux下察看swap分区大小的命令 top 或者fdisk -l 或者free -m SWAP分区一般大小为物理内存的2倍,但最大不超过2G; 增加SWAP空间的方法有两个:增加另外一个SWAP分 ...

  7. c读写文件相关

    1.打开文件: 函数原型: FILE * fopen(const char * path,const char * mode); 返回值: 文件顺利打开后,指向该流的文件指针就会被返回.如果文件打开失 ...

  8. SGU 199 Beautiful People(DP+二分)

    时间限制:0.25s 空间限制:4M 题意: 有n个人,每个人有两个能力值,只有一个人的两个能力都小于另一个的能力值,这两个人才能共存,求能同时共存的最大人数. Solution: 显然这是一个两个关 ...

  9. HDU 3359 Kind of a Blur(高斯消元)

    题意: H * W (W,H <= 10) 的矩阵A的某个元素A[i][j],从它出发到其他点的曼哈顿距离小于等于D的所有值的和S[i][j]除上可达点的数目,构成了矩阵B.给定矩阵B,求矩阵A ...

  10. 【转载】C++应用引用计数技术

    原帖:http://www.cnblogs.com/chain2012/archive/2010/11/12/1875578.html 因为Windows的内核对象也运用了引用计数,所以稍作了解并非无 ...