Jika anda menggunakan WordPress dengan beberapa user atau membuka fasilitas registrasi user, maka mohon perhatikan artikel ini. Ada lubang keamanan di WordPress versi 3.2.1 yang memungkinkan pengguna menyisipkan kode XSS ke blog kita. Paling sederhana dia bisa memunculkan sebuah alert di halaman depan, halaman artikel dan halaman category atau archive dimana artikelnya muncul.
Modusnya cukup simple, di awal dia menulis artikel seperti biasa. Setelah anda approve dan artikelnya muncul, maka dia bisa edit artikel itu dan menyisipkan kode javascript. Kodenya bisa macam-macam dong, yang paham soal javascript pasti paham deh hehehe..
Untuk mengatasinya, maka sementara anda edit file post-template.php yang ada di folder wp-include. Ada 3 tempat yang harus dirubah
Vulnerable Code Patch Part 1
function the_title($before = '', $after = '', $echo = true) {
$title = get_the_title();
if ( strlen($title) == 0 )
return;
$title = $before . $title . $after;
if ( $echo )
echo htmlentities($title); /* Line No 52 Patch*/
else
return htmlentities($title); /* Line No 54 Patch*/
}
Vulnerable Code Patch Part 2
function the_title_attribute( $args = '' ) {
$title = get_the_title();
if ( strlen($title) == 0 )
return;
$defaults = array('before' => '', 'after' => '', 'echo' => true);
$r = wp_parse_args($args, $defaults);
extract( $r, EXTR_SKIP );
$title = $before . $title . $after;
$title = esc_attr(strip_tags($title));
if ( $echo )
echo htmlentities($title) ;/* Line No 87 Patch here By adding htmlentities*/
else
return htmlentities($title); /* Line No 89 Patch*/
}
Vulnerable Code Patch Part 3
function get_the_title( $id = 0 ) {
$post = &get_post($id);
$title = isset($post->post_title) ? $post->post_title : '';
$id = isset($post->ID) ? $post->ID : (int) $id;
if ( !is_admin() ) {
if ( !empty($post->post_password) ) {
$protected_title_format = apply_filters('protected_title_format', __('Protected: %s'));
$title = sprintf($protected_title_format, $title);
} else if ( isset($post->post_status) && 'private' == $post->post_status ) {
$private_title_format = apply_filters('private_title_format', __('Private: %s'));
$title = sprintf($private_title_format, $title);
}
}
return htmlentities(apply_filters( 'the_title', $title, $id )); /* Line No 119 Patch*/
}
Kalau bingung anda bisa ambil keseluruhan kode untuk file post-template.php ini disini. Mudah-mudahan cukup membantu dan mudah-mudahan segera ada update dari WordPress.org. Pemberitahuan sudah dikirimkan kok π
Credit for: Darshit Ashara
20 replies on “XSS Vulnerability pada WordPress 3.2.1”
trims infonya, walau web saya gak ditampilkan registrasi user, tetapi tips ini manambah ilmu π
semoga guess post di blog saya belum tau ttg ini π
Alhamdulillah…
Terimakasih atas infonya, Mr. Admin.
Kayaknya msh ada yg error tuh mas, di line 970
pada wp-includes/post-template.php
di wordpress.org ada pluginnya mas,
saya coba langsung fix, praktis.. nama pluginnya “TimThumb Vulnerability Scanner” π
makasih mas adhani dan admin … jadi ketemu solusinya .. π
TimThumb Vulnerability Scanner berbeda dengan tutor di atas mas, plugin tersebut hanya berfungsi untuk mencegah seseorang memanfaatkan celah keamanan di timthumb.php atau thumb.php,,
seperti yang tertuang di artikel
http://wordpress.or.id/lubang-keamanan-di-timthumb.html
maaf, di atas saya salah komen ^^ mungkin karena dulu terlalu banyak membuka multi tab :malu
wau…. keren bisa ketauan celah yang menurut gue agak ribet buat di oprek π
mudah mudahan segera diberesin lagi bugs nya π
setelah saya download wordpress versi ini,widget web saya bermasalah
terima kasih. site saya kebobolan juga
http://indonesiancoffee.net
thanks infonya
itu untuk yg the_content() dan yang lain nya butuh juga ga gan ?
hmm, buat yang part 3 nya aku ga bisa lagi nih.
Selai Kacang
I just want to say I’m beginner to weblog and certainly liked this blog site. Probably Iβm planning to bookmark your blog . You surely come with impressive writings. Thank you for revealing your webpage.
I like the helpful information you provide in your articles. Iβll bookmark your weblog and check again here frequently. I’m quite sure I will learn lots of new stuff right here! Good luck for the next!
Good write-up, Iβm regular visitor of oneβs blog, maintain up the excellent operate, and It’s going to be a regular visitor for a long time.
Superb redistribution having intriguing records. You might want to ensuing to the donate matter!?!
Definitely believe that which you stated. Your favorite reason appeared to be on the net the easiest thing to be aware of. I say to you, I certainly get annoyed while people think about worries that they plainly don’t know about. You managed to hit the nail upon the top and defined out the whole thing without having side-effects , people could take a signal. Will probably be back to get more. Thanks
What i do not understood is actually how you’re not actually much more well-liked than you may be now. You are very intelligent. You realize thus considerably relating to this subject, made me personally consider it from a lot of varied angles. Its like men and women aren’t fascinated unless itβs one thing to do with Lady gaga! Your own stuffs great. Always maintain it up!
I love it when individuals come together and share views. Great website, continue the good work!
Fantastic beat ! I would like to apprentice while you amend your site, how could i subscribe for a blog web site? The account aided me a acceptable deal. I had been tiny bit acquainted of this your broadcast provided bright clear idea