cielkong | wordpress相关 | 2011年09月24日wordpress 3.2.1最新漏洞
近日,公司一个博客被人挂了黑链,在博客后台发现了模板文件被修改了.于是赶紧搜索wordpress最新版暴出的漏洞,便将处理过程记录如下.
WordPress核心模块不正确的代码(post-template.php)
导致跨站点脚本。
笔者可以简单地更新
view plaincopy to clipboardprint?
</a><script>alert(’1′);</script><a>
</a><script>alert(’1′);</script><a>
都会给给索引页和后页的造成影响。
在网上搜索到的处理方法如下:
/*This will page XSS in Index Page*/
Vulnerable Code Part 1
function the_title($before = '', $after = '', $echo = true) {
$title = get_the_title();
if ( strlen($title) == 0 )
return;
$title = $before . $title . $after;
if ( $echo )
echo htmlentities($title); /* Line No 52 Patch*/
else
return htmlentities($title); /* Line No 54 Patch*/
}
Vulnerable Code Part 2
function the_title_attribute( $args = '' ) {
$title = get_the_title();
if ( strlen($title) == 0 )
return;
$defaults = array('before' => '', 'after' => '', 'echo' => true);
$r = wp_parse_args($args, $defaults);
extract( $r, EXTR_SKIP );
$title = $before . $title . $after;
$title = esc_attr(strip_tags($title));
if ( $echo )
echo htmlentities($title) ;/* Line No 87 Patch here By adding htmlentities*/
else
return htmlentities($title); /* Line No 89 Patch*/
}
/*This will Patch XSS in Post page*/
Vulnerable Code Part 3
function get_the_title( $id = 0 ) {
$post = &get_post($id);
$title = isset($post->post_title) ? $post->post_title : '';
$id = isset($post->ID) ? $post->ID : (int) $id;
if ( !is_admin() ) {
if ( !emptyempty($post->post_password) ) {
$protected_title_format = apply_filters('protected_title_format', __('Protected: %s'));
$title = sprintf($protected_title_format, $title);
} else if ( isset($post->post_status) && 'private' == $post->post_status ) {
$private_title_format = apply_filters('private_title_format', __('Private: %s'));
$title = sprintf($private_title_format, $title);
}
}
return htmlentities(apply_filters( 'the_title', $title, $id )); /* Line No 119 Patch*/
}然而由于被挂黑链的网站是西语网站,有很多特殊的字母,造成修改以后博客内容显示不正常.
在经过考虑后,将htmlentities 使用 trap_tags 替代.最终完美解决wordpress最新版被挂黑链的问题.
随机文章
3条评论▼
很不错 学到东西了
最近被挂黑链的博客真不少呢
过来看看,增加一些人气~~