Comment matter Wordpress plugin persistent XSS and Key remote arbitrary tampering-bug warning-the black bar safety net

ID MYHACK58:62201233719
Type myhack58
Reporter 佚名
Modified 2012-04-21T00:00:00


  1. xss

/wp-content/plugins/pinglunla/relay. php? sid=ec51555f3e5e125257457a73609bdbe15cb7c29d"></script><script>alert(0)</script><script%20src="

The above URL for tampering with comments. SID, while injecting any script, the script will be saved permanently, affecting all of the open comments feature of the page.

Vulnerability to prove:"></script><script>alert(0)</script><script%20src="


Through a carefully constructed URL, can be any tampering with the stored in the database SID value. SID is the comments. used to identify the user identity identification.

Detailed description:

/wp-content/plugins/pinglunla/relay. php? sid=new sid here

The above URL is used to receive PINGLUNLA Server callback, the parameter sid is the value of"new sid here"replace saved to the database, because does not do any authentication, anonymous user can call the interface further tampering with the sid.

Vulnerability to prove: sid here

Repair solutions:

In addition to waiting for the official fix, or you can temporarily modify your folder name, such as wp-content, plinglunla, so as not to be guessing.

Author markstip