WordPress 3.2.1 core module post-template.php XSS vulnerability

Author : Darshit Ashara
Version: 3.2.1

Incorrect code in the WordPress core module (post-template.php) leads to cross-site scripting.

The string </a><script>alert('1');</script><a>
affects both the index page and the post page.
The vulnerability has been reported to the vendor.
Fix:

Vulnerable Code Part 1
function the_title($before = '', $after = '', $echo = true) {
  $title = get_the_title();

  if ( strlen($title) == 0 )
    return;

  $title = $before . $title . $after;

  if ( $echo )
    echo htmlentities($title); /* Line No 52 Patch */
  else
    return htmlentities($title); /* Line No 54 Patch */
}


Vulnerable Code Part 2
function the_title_attribute( $args = '' ) {
  $title = get_the_title();

  if ( strlen($title) == 0 )
    return;

  $defaults = array('before' => '', 'after' => '', 'echo' => true);
  $r = wp_parse_args($args, $defaults);
  extract( $r, EXTR_SKIP );

  $title = $before . $title . $after;
  $title = esc_attr(strip_tags($title));

  if ( $echo )
    echo htmlentities($title); /* Line No 87 Patch here by adding htmlentities */
  else
    return htmlentities($title); /* Line No 89 Patch */
}

/* This will patch XSS in the post page */

Vulnerable Code Part 3
function get_the_title( $id = 0 ) {
  $post = &get_post($id);

  $title = isset($post->post_title) ? $post->post_title : '';
  $id = isset($post->ID) ? $post->ID : (int) $id;

  if ( !is_admin() ) {
    if ( !empty($post->post_password) ) {
      $protected_title_format = apply_filters('protected_title_format', __('Protected: %s'));
      $title = sprintf($protected_title_format, $title);
    } else if ( isset($post->post_status) && 'private' == $post->post_status ) {
      $private_title_format = apply_filters('private_title_format', __('Private: %s'));
      $title = sprintf($private_title_format, $title);
    }
  }
  return htmlentities(apply_filters( 'the_title', $title, $id )); /* Line No 119 Patch */
}
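The following stand-alone PHP script is an added example, not code from the advisory or from WordPress. It reproduces the effect of the patch above on the advisory's own test string, stored in a constructed post title: the unpatched the_title() path writes the title into the page as markup, while the patched path passes it through htmlentities() first. It also shows a side effect visible in Part 2: the_title_attribute() already runs esc_attr(strip_tags(...)), so adding htmlentities() on top of that encodes the '&' of every entity a second time. esc_attr_stub() is an assumed minimal stand-in for WordPress's esc_attr(); the post title and the anchor markup are constructed.

```php
<?php
// Added example: not part of the advisory or WordPress core.
// Runs with php-cli and needs no WordPress installation.

// Constructed post title carrying the test string from the advisory.
$post_title = "</a><script>alert('1');</script><a>";

// Assumed stand-in for WordPress esc_attr(): attribute-context escaping
// based on htmlspecialchars() with quotes encoded.
function esc_attr_stub($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Unpatched the_title() behaviour: the raw title is concatenated into
// the HTML body, so any tags in it become part of the page.
function render_title_unpatched($title) {
    return '<a href="/post/1">' . $title . '</a>';
}

// Patched the_title() behaviour: htmlentities() turns '<', '>', '&' and
// quotes into entities, so the title is rendered as text, not markup.
function render_title_patched($title) {
    return '<a href="/post/1">' . htmlentities($title, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Patched the_title_attribute() behaviour: esc_attr() already encodes
// the value once; the extra htmlentities() call encodes the entities'
// '&' characters again ("&#039;" becomes "&amp;#039;").
function render_attr_patched($title) {
    $once  = esc_attr_stub(strip_tags($title));
    $twice = htmlentities($once, ENT_QUOTES, 'UTF-8');
    return ['once' => $once, 'twice' => $twice];
}

echo "unpatched the_title():        ", render_title_unpatched($post_title), PHP_EOL;
echo "patched the_title():          ", render_title_patched($post_title), PHP_EOL;

$attr = render_attr_patched($post_title);
echo "esc_attr only:                ", $attr['once'], PHP_EOL;
echo "esc_attr + htmlentities():    ", $attr['twice'], PHP_EOL;
```

Running the script shows the first line containing a live script element inside the anchor and the second line containing only entity-encoded text. The last two lines make the double-encoding visible: strip_tags() removes the tags, esc_attr_stub() encodes the remaining quotes as &#039;, and the added htmlentities() call then rewrites those as &amp;#039;, which a browser displays literally rather than as a quote. Escaping once, in the context where the value is emitted, is what removes the XSS; the second pass only changes how the title is displayed.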
