WordPress hit by two stored XSS vulnerabilities in a row, affecting the latest version

2015-04-28T00:00:00
ID MYHACK58:62201561753
Type myhack58
Reporter Anonymous
Modified 2015-04-28T00:00:00

Description


On April 21, WordPress officially released a new version, 4.1.2, which mentions a fix for a serious stored XSS vulnerability. Someone soon published the details of the vulnerability.

This XSS again appears in WordPress comments, but the problem is caused by a feature of MySQL. In MySQL's utf8 character set, a character is made up of 1 to 3 bytes; characters that need more than 3 bytes are stored by MySQL as utf8mb4. If a utf8mb4 character is inserted into a utf8-encoded column, MySQL in non-strict mode truncates the content from that point on.

Taking advantage of this behaviour, the author found this XSS vulnerability in WordPress.

WordPress uses utf8 encoding by default and does not turn on strict mode. If we submit a comment like this:

```
<abbr title='Web𝌆log'>blog!</abbr>
```

The character between "Web" and "log" is a utf8mb4 character.

then what ends up stored in the database is:

```
<abbr title='Web
```

This breaks the layout of the WordPress page. If we instead submit a comment like this:

```
cedric'
style='position:fixed;top:0;left:0;width:100%;height:100%'
```
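The mismatch between the comment that was validated and the value the utf8 column actually keeps can be checked before the insert. The following is an added example, not code from WordPress or from the original article: it models the non-strict truncation described above in plain Python (no MySQL call is made) and rejects any value the column would alter. All function names are hypothetical, and the sample comments are constructed from the article's first example.

```python
# Added illustration: models MySQL's non-strict handling of a 4-byte UTF-8
# character written to a 3-byte `utf8` column, plus a pre-insert guard.
# Function names are hypothetical; nothing here talks to a real database.

class UnstorableText(ValueError):
    """Raised when a value would be altered by the utf8 column on insert."""

def first_four_byte_index(text: str) -> int:
    """Index of the first code point above U+FFFF (4 bytes in UTF-8), or -1."""
    for i, ch in enumerate(text):
        if ord(ch) > 0xFFFF:
            return i
    return -1

def stored_in_utf8_column(text: str) -> str:
    """Model of the behaviour the article describes: the value is cut at the
    first character that the 3-byte utf8 charset cannot represent."""
    cut = first_four_byte_index(text)
    return text if cut == -1 else text[:cut]

def guard_before_insert(text: str) -> str:
    """Refuse any value whose stored form would differ from the validated one."""
    if stored_in_utf8_column(text) != text:
        raise UnstorableText(
            f"4-byte character at index {first_four_byte_index(text)}; "
            "value would be truncated by a utf8 column")
    return text

# Constructed sample input: the article's comment (U+1D306 between "Web" and
# "log") and an ordinary comment that only uses characters of up to 3 bytes.
ARTICLE_COMMENT = "<abbr title='Web\U0001D306log'>blog!</abbr>"
PLAIN_COMMENT = "<abbr title='Weblog'>blog!</abbr> \u4f60\u597d"

if __name__ == "__main__":
    print(repr(stored_in_utf8_column(ARTICLE_COMMENT)))
    for comment in (PLAIN_COMMENT, ARTICLE_COMMENT):
        try:
            guard_before_insert(comment)
            print("accepted:", comment)
        except UnstorableText as exc:
            print("rejected:", exc)
```

The same mismatch does not arise when the column uses utf8mb4, or when the server runs in strict mode, where the insert fails instead of being silently truncated.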
