Vulnerability analysis: Fancybox-For-WordPress image plugin vulnerability used for mass malware injection (挂马) into WordPress sites | Vulnerability warning | Black Bar Safety Net (myhack58)

2015-02-22T00:00:00
ID MYHACK58:62201559310
Type myhack58
Reporter Anonymous
Modified 2015-02-22T00:00:00

Description


Fancybox For WordPress is a popular WordPress image plugin: it opens images in an attractive pop-up browsing interface with rich lightbox-style overlay effects.

Last week security researchers found that a number of WordPress blogs had been hit by mass malware injection (挂马), and what these blogs had in common was that the Fancybox plugin was installed. By analysing the affected sites, the researchers traced the problem to a vulnerability in this plugin.

Vulnerability analysis

This vulnerability exists in plugin versions below 3.0.2, and the exploit follows one of the more common attack paths for WordPress plugins: an unprotected admin_init hook.


Because the admin_init hook is triggered for anyone who requests /wp-admin/admin-post.php or /wp-admin/admin-ajax.php, an attacker can change the plugin's "mfbfw" option to arbitrary content.

What does this option do?


We found that this option is used in many places. The one that matters here is the mfbfw_init() function, which prints a jQuery script built from the parameters previously saved by the mfbfw_admin_options() function.


As the figure shows, $settings is written into the output without any processing (no escaping).

So an attacker who abuses the unprotected admin_init hook can inject a malicious JavaScript payload, such as a malicious iframe, into every page of the targeted site.
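To make the two defects concrete from the defender's side, here is an added example (not the plugin's own code, nor the fix its maintainers shipped) of how the same admin_init handler and output function look once hardened. The option key "mfbfw" and the function names follow the article; the POST field names, the nonce action and the list of allowed settings are assumptions.

```php
<?php
// Added illustrative example: hardened counterpart to the pattern the
// article describes. Option key "mfbfw" is from the article; the POST
// field names, nonce action and allowed keys below are assumptions.

// The weak pattern: a function hooked on admin_init that copies request
// data straight into the option. admin_init also fires for requests to
// /wp-admin/admin-post.php and /wp-admin/admin-ajax.php, so the handler
// must do its own authorisation instead of relying on the hook.
function mfbfw_admin_options_hardened() {
    // Only act on an explicit save request.
    if ( ! isset( $_POST['mfbfw_save'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. CSRF protection: the settings form must carry a valid nonce.
    check_admin_referer( 'mfbfw_save_settings', 'mfbfw_nonce' );

    // 3. Whitelist the keys and sanitise each value before storing it,
    //    so the option can never hold arbitrary attacker-chosen content.
    $allowed  = array( 'padding', 'overlayColor', 'transitionIn' ); // assumed
    $settings = array();
    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            $settings[ $key ] = sanitize_text_field( wp_unslash( $_POST[ $key ] ) );
        }
    }
    update_option( 'mfbfw', $settings );
}
add_action( 'admin_init', 'mfbfw_admin_options_hardened' );

// Output side: the article shows $settings being printed into the jQuery
// call unescaped. Emitting it as a JSON literal closes the injection even
// if a bad value did reach the option: json_encode escapes quotes and
// forward slashes, so "</script>" cannot terminate the script element.
function mfbfw_init_hardened() {
    $settings = get_option( 'mfbfw', array() );
    echo '<script>jQuery(function($){ $("a.fancybox").fancybox('
        . wp_json_encode( $settings ) . '); });</script>';
}
add_action( 'wp_head', 'mfbfw_init_hardened' );
```

A quick check for this class of bug in any plugin is to grep for add_action( 'admin_init' handlers and confirm each one that writes an option performs its own current_user_can() and nonce check.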