WordPress Duplicator 0.4.4 Cross Site Scripting

测试方法:

提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!

1. Advisory ID: HTB23162
2. Product:DuplicatorWordPressPlugin
3. Vendor:LifeInTheGrid
4. VulnerableVersion(s):0.4.4and probably prior
5. TestedVersion:0.4.4
6. VendorNotification:June19,2013
7. VendorPatch:July21,2013
8. PublicDisclosure:July24,2013
9. VulnerabilityType:Cross-SiteScripting[CWE-79]
10. CVE Reference: CVE-2013-4625
11. RiskLevel:Low
12. CVSSv2BaseScore:2.6(AV:N/AC:H/Au:N/C:N/I:P/A:N)
13. SolutionStatus:FixedbyVendor
14. DiscoveredandProvided:High-TechBridgeSecurityResearchLab( https://www.htbridge.com/advisory/ )
15. -----------------------------------------------------------------------------------------------
16. AdvisoryDetails:
17. High-TechBridgeSecurityResearchLab discovered XSS vulnerability inDuplicatorWordPress plugin, which can be exploited to perform cross-site scripting attacks against vulnerable application.
18. 1)Cross-SiteScripting(XSS)inDuplicatorWordPressPlugin: CVE-2013-4625
19. The vulnerability exists due to insufficient filtration of user-supplied data in"package" HTTP GET parameter passed to "/wp-content/plugins/duplicator/files/installer.cleanup.php" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
20. The exploitation example below uses the "alert()"JavaScriptfunction to display administrator's cookies:
21. http://[host]/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
22. -----------------------------------------------------------------------------------------------
23. Solution:
24. Upgrade to Duplicator 0.4.5
25. More Information:
26. http://support.lifeinthegrid.com/knowledgebase.php?article=20
27. -----------------------------------------------------------------------------------------------
28. References:
29. [1] High-Tech Bridge Advisory HTB23162 - https://www.htbridge.com/advisory/HTB23162 - Cross-Site Scripting (XSS) in Duplicator WordPress Plugin.
30. [2] Duplicator WordPress Plugin - http://lifeinthegrid.com/labs/duplicator/ - This free plugin available at wordpress.org is a powerful tool you can use to rapidly clone and deploy any WordPress site.
31. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
32. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.