
[RST] WP Ajax Edit Comments Plugin javascript injection


Guest Nemessis

Author: vladiii

Vulnerable plugin:


[url]http://www.raproject.com/ajax-edit-comments/media/[/url]

1) The vulnerability

WordPress normally applies strip_tags to the comment content (in wp-comments-post.php, with something like: $comment_content = trim(strip_tags($_POST['comment'])); ). That is why you cannot insert JavaScript code & stuff.

However, if this plugin is enabled, you can edit the comment. That means you can also insert JavaScript (without it being filtered). This JS stays in the page's source code (permanent JS injection). Any JS can be inserted!!!

2) Fix

One way to fix this problem is the following: open the file wp-ajax-edit-comments.php with WordPad, choose File->Save, then open it with Notepad. (If you open it with Notepad from the start, the text will appear obfuscated.)

Go to line 557, where you have: $content = apply_filters('comment_save_pre', $savecontent); Press Enter and write the following on the next line:

$content=htmlentities($content);

That's about it. Thanks to Shocker & SlicK.

P.S. Many, very many bloggers in Romania had/still have this plugin enabled. Good luck!
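
The mismatch between the two write paths described above, and the effect of the one-line fix, as an added example that is not part of the original post or the plugin's code. The function names and the sample comment are constructed; the ENT_QUOTES, 'UTF-8' and double_encode arguments are assumptions that go beyond the post's bare htmlentities() call.

```php
<?php
// Added illustration; function names are hypothetical, not the plugin's.

// Submission path, modelled on the line quoted from wp-comments-post.php.
function submit_comment(string $raw): string {
    return trim(strip_tags($raw));
}

// Edit path as the post describes it: edited text is stored unfiltered.
function edit_comment_unfiltered(string $raw): string {
    return trim($raw);
}

// Edit path with the post's fix: encode before storing.
// Assumptions beyond the post: ENT_QUOTES also encodes quotes, 'UTF-8' fixes the
// charset, and double_encode=false keeps a re-saved comment from being encoded twice.
function edit_comment_fixed(string $raw): string {
    return htmlentities(trim($raw), ENT_QUOTES, 'UTF-8', false);
}

// True when the stored value still contains something a browser parses as a tag.
function contains_markup(string $stored): bool {
    return $stored !== strip_tags($stored);
}

$sample = 'Nice post <script>alert(1)</script>'; // constructed sample input

$once  = edit_comment_fixed($sample);
$twice = edit_comment_fixed($once); // the same comment edited and saved again

$stored = [
    'submit'          => submit_comment($sample),
    'edit_unfiltered' => edit_comment_unfiltered($sample),
    'edit_fixed'      => $once,
    'edit_fixed_x2'   => $twice,
];

foreach ($stored as $path => $value) {
    printf("%-16s markup=%-3s %s\n", $path, contains_markup($value) ? 'yes' : 'no', $value);
}

// Re-saving must not change the stored form (no &amp;lt; creep).
var_dump($once === $twice);
```

Only the unfiltered edit path leaves a value that a browser would parse as markup; the same contains_markup() check can be run over existing stored comments to find ones saved before the fix.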
