测试方法:

提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
    1. Advisory ID: HTB23162
    2. Product:DuplicatorWordPressPlugin
    3. Vendor:LifeInTheGrid
    4. VulnerableVersion(s):0.4.4and probably prior
    5. TestedVersion:0.4.4
    6. VendorNotification:June19,2013
    7. VendorPatch:July21,2013
    8. PublicDisclosure:July24,2013
    9. VulnerabilityType:Cross-SiteScripting[CWE-79]
    10. CVE Reference: CVE-2013-4625
    11. RiskLevel:Low
    12. CVSSv2BaseScore:2.6(AV:N/AC:H/Au:N/C:N/I:P/A:N)
    13. SolutionStatus:FixedbyVendor
    14. DiscoveredandProvided:High-TechBridgeSecurityResearchLab( https://www.htbridge.com/advisory/ )
    15. -----------------------------------------------------------------------------------------------
    16. AdvisoryDetails:
    17. High-TechBridgeSecurityResearchLab discovered XSS vulnerability inDuplicatorWordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
    18. 1)Cross-SiteScripting(XSS)inDuplicatorWordPressPlugin: CVE-2013-4625
    19. The vulnerability exists due to insufficient filtration of user-supplied data in"package" HTTP GET parameter passed to "/wp-content/plugins/duplicator/files/installer.cleanup.php" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
    20. The exploitation example below uses the "alert()"JavaScriptfunction to display administrator's cookies:
    21. http://[host]/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    22. -----------------------------------------------------------------------------------------------
    23. Solution:
    24. Upgrade to Duplicator 0.4.5
    25. More Information:
    26. http://support.lifeinthegrid.com/knowledgebase.php?article=20
    27. -----------------------------------------------------------------------------------------------
    28. References:
    29. [1] High-Tech Bridge Advisory HTB23162 - https://www.htbridge.com/advisory/HTB23162 - Cross-Site Scripting (XSS) in Duplicator WordPress Plugin.
    30. [2] Duplicator WordPress Plugin - http://lifeinthegrid.com/labs/duplicator/ - This free plugin available at wordpress.org is a powerful tool you can use to rapidly clone and deploy any WordPress site.
    31. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
    32. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

WordPress Duplicator 0.4.4 Cross Site Scripting的更多相关文章

  1. Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting

    Healwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scriptin ...

  2. XSS (Cross Site Scripting) Prevention Cheat Sheet(XSS防护检查单)

    本文是 XSS防御检查单的翻译版本 https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sh ...

  3. XSS 跨站脚本攻击(Cross Site Scripting)

    xss表示Cross Site Scripting(跨站脚本攻击),它与SQL注入攻击类似,SQL注入攻击中以SQL语句作为用户输入,从而达到查询/修改/删除数据的目的,而在xss攻击中,通过插入恶意 ...

  4. 跨站脚本攻击XXS(Cross Site Scripting)修复方案

    今天突然发现,网站被主页莫名奇妙的出现了陌生的广告. 通过排查发现是跨站脚本攻击XXS(Cross Site Scripting).以下为解决方案. 漏洞类型: Cross Site Scriptin ...

  5. WebGoat学习——跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是指攻击者向被攻击Web 页面里插入恶意html代码,当用户浏览该页之时 ...

  6. 跨站脚本攻击(Cross‐Site Scripting (XSS))

    跨站脚本攻击(Cross‐Site Scripting (XSS)) 跨站脚本攻击(Cross‐Site Scripting (XSS)) XSS(Cross Site Script)跨站脚本攻击.是 ...

  7. Web安全之XSS(Cross Site Scripting)深入理解

    XSS的含义 XSS(Cross Site Scripting)即跨站脚本.跨站的主要内容是在脚本上. 跨站脚本 跨站脚本的跨,体现了浏览器的特性,可以跨域.所以也就给远程代码或者第三方域上的代码提供 ...

  8. DVWA 黑客攻防演练(十)反射型 XSS 攻击 Reflected Cross Site Scripting

    XSS (Cross-site scripting) 攻击,为和 CSS 有所区分,所以叫 XSS.又是一种防不胜防的攻击,应该算是一种 "HTML注入攻击",原本开发者想的是显示 ...

  9. DVWA 黑客攻防演练(十二) DOM型 XSS 攻击 DOM Based Cross Site Scripting

    反射型攻击那篇提及到,如何是"数据是否保存在服务器端"来区分,DOM 型 XSS 攻击应该算是 反射型XSS 攻击. DOM 型攻击的特殊之处在于它是利用 JS 的 documen ...

随机推荐

  1. mac tips

    1. Mac Terminal color for different types 在 ~ 先建立一个文件  ~/.bash_profile 加入下面的两行:export CLICOLOR=1expo ...

  2. 4 - SQL Server 2008 之 使用SQL语句删除表格

    使用删除表格的SQL命令与删除数据的命令一样,只是删除的是表格这个对象, 语法如下:DROP TABLE 表名 一般在删除表格之前,需判断这个表格存不存在,存在则删除,不存在则不进行执行任何代码. 代 ...

  3. warning:This application is modifying the autolayout engine from a background thread

    警告提示:This application is modifying the autolayout engine from a background thread, which can lead to ...

  4. JS根据key值获取URL中的参数值,以及把URL的参数转换成json对象

    //把url的参数部分转化成json对象 parseQueryString: function (url) { var reg_url = /^[^\?]+\?([\w\W]+)$/, reg_par ...

  5. CSS3 变形小结

    为原始大小 b:纵向扭曲,0为不变 c :横向扭曲,0不变 d:垂直伸缩量,1为原始大小 e:水平偏移量,0为初始位置 f  :垂直偏移向,0是初始位置 Ø原点 transform-origin() ...

  6. 基于Android_volley的Get、Post的方法

    用Android_volley加载网络信息有Get,post两种方式,通过一个例子来说明,在Activity中设置两个Button,分别测试Get.post方法 一般分为三步, 1. 创建一个Requ ...

  7. IIViewDeckController的使用,左右拖拉菜单效果实现

    博客园   IIViewDeckController的使用,左右拖拉菜单效果实现   很多应用里面都实现了对应的侧拉 显示隐藏的效果,看起来很符合用户体验的类似于这种   看起来很好看,今天去晚上搜下 ...

  8. [转载]hadoop SecondNamenode详解

    SecondNamenode名字看起来很象是对第二个Namenode,要么与Namenode一样同时对外提供服务,要么相当于Namenode的HA.真正的了解了SecondNamenode以后,才发现 ...

  9. gvim 常用命令

    插入: insert 强退: :q! 退出: :q 保存: :w 保存退出::wq 复制: yy(单行)   多行:8yy 删除: dd(单行)   多行:8dd 或者 :4,8d 执行脚本: :! ...

  10. Unity3D动态加载外部资源

    最近一直在和这些内容纠缠,把心得和大家共享一下: Unity里有两种动态加载机制:一是Resources.Load,一是通过AssetBundle,其实两者本质上我理解没有什么区别.Resources ...