# Exploit Title: WordPress version 3.9.1 “Add an About page” persistent XSS.
# Date: 21/06/14
# Exploit Author: VipVince
# Vendor Homepage: http://wordpress.org/
# Software Link: http://wordpress.org/wordpress-3.9.1.zip
# Version: 3.9.1
# Tested on: Windows
More input bugs on this version of WordPress, what were they thinking?
Exploit:
Log into the Admin CP.
Go to the Dashboard
Click “Add an About page”.
In the “Enter title here” form, add your vector: <script>alert(1)</script>
Click “Publish”.
You will then see “Page published. View page”
Click “View page”.
It will take you to a link like below:
http://wordpress_domain/?page_id=19
You will get your persistent XSS pop up.
Happy bug hunting. Tsk tsk WordPress.
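The test procedure is as follows:
1. Go to the admin backend and click “Pages” -> “Add New”.
2. Set the title of the new page to the cross-site scripting code; the content can be anything.
3. Save the page, then visit the page's permalink to see the XSS code trigger. For example, visiting the page I created: http://www.jinglingshu.wiki/?page_id=7243.
You can see that the XSS code has triggered. Of course, if the theme you chose displays page titles on the home page, the XSS code also triggers when the home page is visited. For example, the theme I use shows the page titles at the top, so the XSS code triggers on any page I visit.
PS: this XSS vulnerability is of limited use, though, because only the “Editor” and “Administrator” user roles can modify pages. So the vulnerability can only be exploited with Editor privileges.
When reposting, please credit: jinglingshu's blog » WordPress 3.9.1 – Page Persistent XSS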
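The title from the steps above, rendered through an unescaped and an escaped template, with a check that flags stored titles containing markup. This is an added example, not code from the advisory, the blog or WordPress; the function names and sample rows are hypothetical, and plain PHP stands in for a theme template.

```php
<?php
// Added example: not WordPress core or theme code. Function names are hypothetical.

// Models a theme template that prints the stored page title as-is.
function render_title_unsafe(string $title): string {
    return '<h1 class="entry-title">' . $title . '</h1>';
}

// Same template with output escaping. In a WordPress theme the equivalent
// call is esc_html( get_the_title() ).
function render_title_escaped(string $title): string {
    return '<h1 class="entry-title">'
        . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</h1>';
}

// Audit helper: return the IDs of stored titles that contain markup,
// so pages that already exist can be reviewed.
function titles_with_markup(array $pages): array {
    $flagged = [];
    foreach ($pages as $id => $title) {
        // strip_tags() changes the string only if it held tag-like markup.
        if (strip_tags($title) !== $title) {
            $flagged[] = $id;
        }
    }
    return $flagged;
}

// Constructed sample rows (page ID => post_title); ID 19 carries the
// title used in the steps above.
$pages = [
    12 => 'About',
    19 => '<script>alert(1)</script>',
    23 => 'Pricing & Plans',
];

foreach ($pages as $id => $title) {
    echo "page_id=$id\n";
    echo '  unescaped: ' . render_title_unsafe($title) . "\n";
    echo '  escaped:   ' . render_title_escaped($title) . "\n";
}
echo 'titles to review: ' . implode(', ', titles_with_markup($pages)) . "\n";
```

Because the blog notes that some themes print page titles on every page, the escaping belongs at each place a theme outputs a title, not only in the single-page template.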