XSS Vulnerability in WordPress 3.2.1

If you run WordPress with several users or have user registration open, please pay attention to this article. There is a security hole in WordPress version 3.2.1 that allows a user to inject XSS code into our blog. At the simplest, they can pop up an alert on the front page, on the post page, and on the category or archive pages where the post appears.

The method is quite simple: at first they write a post as usual. After you approve it and the post is published, they can edit that post and insert JavaScript code. The code can be anything, of course; anyone who knows JavaScript will understand, hehehe..

To deal with it, for now edit the file post-template.php in the wp-includes folder. There are 3 places that need to be changed.

Vulnerable Code Patch Part 1

function the_title($before = '', $after = '', $echo = true) {
  $title = get_the_title();

  if ( strlen($title) == 0 )
    return;

  $title = $before . $title . $after;

  if ( $echo )
    echo htmlentities($title); /* Line No 52 Patch*/
  else
    return htmlentities($title); /* Line No 54 Patch*/
}

Vulnerable Code Patch Part 2

function the_title_attribute( $args = '' ) {
  $title = get_the_title();

  if ( strlen($title) == 0 )
    return;

  $defaults = array('before' => '', 'after' =>  '', 'echo' => true);
  $r = wp_parse_args($args, $defaults);
  extract( $r, EXTR_SKIP );

  $title = $before . $title . $after;
  $title = esc_attr(strip_tags($title));

  if ( $echo )
    echo htmlentities($title); /* Line No 87 Patch here by adding htmlentities */
  else
    return htmlentities($title); /* Line No 89 Patch*/
}

Vulnerable Code Patch Part 3

function get_the_title( $id = 0 ) {
  $post = &get_post($id);

  $title = isset($post->post_title) ? $post->post_title : '';
  $id = isset($post->ID) ? $post->ID : (int) $id;

  if ( !is_admin() ) {
    if ( !empty($post->post_password) ) {
      $protected_title_format = apply_filters('protected_title_format', __('Protected: %s'));
      $title = sprintf($protected_title_format, $title);
    } else if ( isset($post->post_status) && 'private' == $post->post_status ) {
      $private_title_format = apply_filters('private_title_format', __('Private: %s'));
      $title = sprintf($private_title_format, $title);
    }
  }
  return htmlentities(apply_filters( 'the_title', $title, $id )); /* Line No 119 Patch*/
}
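As an added example, not code from the original post or from WordPress, this stand-alone PHP shows what the patch is guarding against: a constructed title carrying a script tag is emitted unescaped and then escaped for both the element-content and attribute contexts. The function names and the sample titles are assumptions for this illustration.

```php
<?php
// Added example (not WordPress code): output-escaping a post title so that
// markup an untrusted author edited into it is rendered as text, not executed.

// Escape for element content, e.g. the_title() inside <h2>...</h2>.
function esc_title_html(string $title): string {
    return htmlentities($title, ENT_QUOTES, 'UTF-8');
}

// Escape for an attribute value, e.g. the_title_attribute() inside title="...".
// ENT_QUOTES is essential here: without it a quote in the title could close
// the attribute. Passing double_encode = false leaves an already-encoded
// "&amp;" alone, which matters when esc_attr() has already run on the value.
function esc_title_attr(string $title, bool $already_escaped = false): string {
    return htmlentities($title, ENT_QUOTES, 'UTF-8', !$already_escaped);
}

// Build the heading the theme would print for a post (hypothetical markup).
function render_post_heading(string $title): string {
    return '<h2 class="entry-title"><a href="/post/1" title="'
        . esc_title_attr($title) . '">' . esc_title_html($title) . '</a></h2>';
}

// Constructed sample title, of the kind a registered author could save
// when editing an already-approved post.
$title = 'Hello <script>alert(1)</script> & "friends"';

// Unescaped: the script tag is emitted into the page as live markup.
echo '<h2>' . $title . "</h2>\n";

// Escaped: the browser displays the tag characters instead of parsing them,
// and the quotes can no longer break out of the title attribute.
echo render_post_heading($title), "\n";

// Double-encoding check with a value that was already escaped upstream:
// the first call encodes the existing entity a second time, the second
// call leaves it as it is.
$pre = 'Tom &amp; Jerry';
echo esc_title_attr($pre), "\n";
echo esc_title_attr($pre, true), "\n";
```

In the the_title_attribute() patch above, esc_attr() has already escaped the value before htmlentities() runs on it, so an ampersand in a title ends up encoded twice unless double encoding is turned off as in esc_title_attr().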

If you are confused, you can grab the complete code for this post-template.php file here. Hopefully this helps, and hopefully there will soon be an update from WordPress.org. A notification has already been sent 🙂

Credit: Darshit Ashara


20 thoughts on “XSS Vulnerability in WordPress 3.2.1”

  1. adhani

    There is a plugin for it on wordpress.org, mas;
    I tried it and it was fixed straight away, very practical.. the plugin is called “TimThumb Vulnerability Scanner” 🙂

  2. content

    I just want to say I’m a beginner to weblogs and certainly liked this blog site. Probably I’m planning to bookmark your blog. You surely come with impressive writings. Thank you for revealing your webpage.

  3. Yoshie Mand

    I like the helpful information you provide in your articles. I’ll bookmark your weblog and check again here frequently. I’m quite sure I will learn lots of new stuff right here! Good luck for the next!

  4. Willian Lebario

    Good write-up, I’m a regular visitor of your blog, keep up the excellent work, and it’s going to be a regular visitor for a long time.

  5. Wilbur Geronimo

    Definitely believe that which you stated. Your favorite reason appeared to be on the net the easiest thing to be aware of. I say to you, I certainly get annoyed while people think about worries that they plainly don’t know about. You managed to hit the nail upon the top and defined out the whole thing without having side-effects, people could take a signal. Will probably be back to get more. Thanks

  6. Brianna Gelfond

    What I do not understand is actually how you’re not actually much more well-liked than you may be now. You are very intelligent. You realize thus considerably relating to this subject, made me personally consider it from a lot of varied angles. It’s like men and women aren’t fascinated unless it’s one thing to do with Lady Gaga! Your own stuff’s great. Always maintain it up!

  7. Marylouise Gunder

    Fantastic beat! I would like to apprentice while you amend your site, how could I subscribe for a blog web site? The account aided me an acceptable deal. I had been a tiny bit acquainted with this, your broadcast provided a bright clear idea

Comments are closed.