WordPress versions below 4.0 contain a cross-site scripting vulnerability - vulnerability warning - the black bar safety net

2014-11-27T00:00:00
ID MYHACK58:62201456270
Type myhack58
Reporter Anonymous
Modified 2014-11-27T00:00:00

Description

WordPress is a well-known open source CMS (content management system). Recently, cross-site scripting (XSS) vulnerabilities were found in WordPress versions below 4.0; the new version of WordPress has fixed these issues. For safety reasons, webmasters are advised to update WordPress as soon as possible.

The vulnerability was discovered by Jouko Pynnonen, CEO of the Finnish IT company Klikki Oy, and exists only in WordPress versions below 4.0. According to a survey, 86% of WordPress sites worldwide are affected by this vulnerability, which means that millions of websites are potentially at risk. Some well-known websites also run WordPress, such as Time, UPS, NBC Sports, CNN, TechCrunch and FreeBuf :)

Vulnerability overview

WordPress contains a series of cross-site scripting vulnerabilities. An attacker can use the cross-site scripting to forge requests that trick a user into changing their login password, or to steal administrator privileges.

As Jouko Pynnonen explains:

When the blog administrator views the comment, the exploit code in the comment automatically runs in their web browser. The malicious code then secretly takes over the administrator account to perform administrator operations.

To prove the point, the researchers created a program that exploits the vulnerability. Using this exploit, they created a new WordPress administrator account, changed the current administrator's password, and executed attacker-supplied PHP code on the server.

Vulnerability analysis

The problem lies in WordPress comments. Normally a comment is allowed to contain some HTML tags, such as <a>, <b>, <code>, etc., but only certain attributes of those tags are on the whitelist: for example, the <a> tag is allowed to carry the href attribute, but the onmouseover attribute is not allowed.
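To make the whitelist idea concrete, here is an added example of a comment sanitizer that keeps only allowlisted tags and, per tag, only allowlisted attributes, so that an event-handler attribute such as onmouseover on an <a> tag is stripped while href survives. This is illustrative Python written for this page, not WordPress's own PHP filtering code; the ALLOWED table, the SAFE_URL_SCHEMES list and the sanitize_comment function are assumptions chosen for the demonstration. It also records what it dropped, which is the kind of signal a defender would want to log when a comment arrives carrying scripting attributes.

```python
from html.parser import HTMLParser
from html import escape

# Hypothetical allowlist modelled on the comment whitelist described above:
# only these tags survive, and only the listed attributes on each tag.
ALLOWED = {
    "a": {"href", "title"},
    "b": set(),
    "code": set(),
}

# Hypothetical scheme allowlist for href: anything else (javascript:, data:, ...)
# is dropped together with the attribute.
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")


class CommentSanitizer(HTMLParser):
    """Allowlist-based HTML filter: unknown tags are removed, unknown
    attributes on known tags are removed, and all text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []      # (tag, attr-or-None) pairs that were removed
        self._skip_depth = 0   # > 0 while inside a dropped <script>/<style>

    def handle_starttag(self, tag, attrs):
        # Script and style bodies are raw text; drop the body, not just the tag.
        if tag in ("script", "style"):
            self._skip_depth += 1
            self.dropped.append((tag, None))
            return
        if tag not in ALLOWED:
            self.dropped.append((tag, None))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED[tag]:
                self.dropped.append((tag, name))       # e.g. onmouseover
                continue
            if name == "href" and not value.lower().startswith(SAFE_URL_SCHEMES):
                self.dropped.append((tag, name))       # unsafe URL scheme
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip_depth:
            return
        # The parser already decoded entities, so re-escape to inert text.
        self.out.append(escape(data, quote=False))


def sanitize_comment(html):
    """Return (clean_html, dropped) for an untrusted comment body."""
    parser = CommentSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped


if __name__ == "__main__":
    # Constructed sample comment: an allowed link carrying a disallowed
    # event-handler attribute, plus a script block that must not survive.
    sample = '<a href="https://example.com" onmouseover="alert(1)">link</a> <script>alert(1)</script>'
    clean, dropped = sanitize_comment(sample)
    print("clean:  ", clean)
    print("dropped:", dropped)
```

The key design point is that the filter is an allowlist at both levels: a tag that is not listed disappears, and an attribute that is not listed for that tag disappears, so new event-handler attribute names never need to be enumerated. Logging the dropped pairs gives moderators a cheap indicator that someone is probing the comment form with scripting attributes.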
