Lucene search
RootSSV:19430HistoryApr 09, 2010 - 12:00 a.m.
WordPress NextGEN Gallery插件mode参数跨站脚本漏洞
2010-04-0900:00:00
Root
www.seebug.org
19
0.018 Low
EPSS
Percentile
86.6%
BUGTRAQ ID: 39250
CVE ID: CVE-2010-1186
WordPress是一款免费的论坛Blog系统。
WordPress所使用的NextGEN Gallery图形库插件没有正确地转义提交给media-rss.php脚本的mode参数:
/-----
$mode = $_GET["mode"];
- -----/
如果没有选择正确的mode,该参数就被返回给用户:
/-----
} else {
header(‘content-type:text/plain;charset=utf-8’);
echo sprintf(__("Invalid MediaRSS command (%s).","nggallery"), $mode);
exit;
}
- -----/
尽管插件安全的选择了Content-Type,但还不足以防范代码注入,因为一些浏览器(如Internet Explorer)通过解析web-server所返回的内容来选择内容类型,而不是遵循正确的头
WordPress NextGEN Gallery 1.5.1
WordPress NextGEN Gallery 1.5.0
厂商补丁:
WordPress
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://wordpress.org/extend/plugins/nextgen-gallery/changelog/
http://localhost/wordpress/wp-content/plugins/nextgen-gallery/xml/media-rss.php?mode=%3Cscript%3Ealert(1)%3C/script%3E
Related
wpvulndb
wpvulndb
NextGEN Gallery <= 1.5.1 - Cross-Site Scripting (XSS)
2014-08-01 00:00:00
packetstorm
packetstorm
Core Security Technologies Advisory 2010.0323
2010-04-07 00:00:00
exploitpack
exploitpack
WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting
2010-04-06 00:00:00
patchstack
patchstack
WordPress NextGEN Gallery Plugin <= 1.5.1 - XSS Vulnerability
2010-04-06 00:00:00
prion
prion
Cross site scripting
2010-04-07 15:30:00
checkpoint_advisories
checkpoint_advisories
WordPress NextGEN Gallery Plugin Cross-Site Scripting (CVE-2010-1186)
2020-11-21 00:00:00
seebug
seebug
Wordpress Plugin NextGEN Gallery <= 1.5.1 - XSS Vulnerability
2014-07-01 00:00:00
cve
cve
CVE-2010-1186
2010-04-07 15:30:00
securityvulns
securityvulns
exploitdb
exploitdb
WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting
2010-04-06 00:00:00