Description: A Reflected XSS Vulnerability in wordpress plugin"raygun4wp 1.8.0.0" Status: Fixed From version 1.8.1 Details: This vulnerability exist in the file "raygun4wp/ sendtesterror.php", the critical code as follow screen snapshot: >> line 50 means that the variable $previousUrl is from browser side, so it can be controlled by user. >>line 54 means that web server side has no checking on $previousUrl before writing it to the response html, so if $previousUrl contains javascript code, the code will be executed on the browser side. So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil. http://localhost/wordpress/wp-content/plugins/raygun4wp/sendtesterror.php?backurl="/><script>alert("hacked");</script> Reference: htt
评论
发表评论