¡¡¡¡×îÁ÷ÐеÄWordpress×î½üз¢²¼µÄ3.3.1³öÏÖ©¶´ÁË£¬ÏÖÔÚ¹«²¼Ò»Ï©¶´Ï¸½Ú……Quicl’sBlogÒ»Ö±ÔÚ¹Ø×¢×ÅWordpressµÄ©¶´£¬²¢ÇÒͨ¹ýÍøÂçËѼ¯µÚһʱ¼äΪ¹ã´óWordpressÓû§ÌṩWordpress©¶´¡£´ó¼Ò¿ÉÒÔ·ÃÎÊÎҵēµçÄÔÍøÂç”——“ÎÞÏÞÏà¹Ø”ÄÚÈݲéÕÒÓйØÍøÂ簲ȫ¡¢Wordpress²©¿Í©¶´¡¢Wordpress²å¼þ©¶´µÈÐÅϢŶ¡£
¡¡¡¡Â©¶´¹«¸æÔÚÕ⣺www.securityfocus.com/archive/1/521359/30/60/threaded
¡¡¡¡Trustwave·¢²¼µÄ£¬±±¾©ÖªµÀ´´ÓîµÄ¹ÙÍøÒ²ÌùÁ˸ö£ºhttps://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
¡¡¡¡ÏÂÃæÊDZ±¾©Öζ´´ÓîµÄ©¶´Ç鱨£º¿´¿´×îºó¹Ù·½µÄ´ð¸´£¬ÈÏΪ¿ÉÒÔºöÂÔ¡£Trust wave±ÜÇá¾ÍÖØ£¬»¹×¬ÁËÈý¸öCVE£¬ÕâЩ©¶´ÊÇÓг¡¾°µÄ£ºwpû°²×°¹ýµÄÇé¿öϲſÉÒÔ¡£À´Ò»¸ö¸ö¿´Ï¡£
¡¡¡¡µÚÒ»¸ö£ºPHP Code Execution and Persistent Cross Site scripting Vulnerabilities via ‘setup-config.php’ page
¡¡¡¡Trust wave˵wpµÄ°²×°½Å±¾ÎļþÓа²È«·çÏÕ£¬°²×°Ê±¿ÉÒÔʹÓù¥»÷Õß×Ô¼ºµÄÊý¾Ý¿â£¬°²×°ºóµÇ½wpºǫ́£¬Ö÷Ìâ±à¼¿ÉÒÔдÈÎÒâPHP´úÂ룬ȻºóÔ¶³ÌÃüÁîÖ´ÐоÍÊÇÕâÑùÀ´µÄ¡£¶øXSSÊǹ¥»÷Õßͨ¹ýÐÞ¸Ä×Ô¼ºÊý¾Ý¿âÀïµÄÖµ(±ÈÈçÆÀÂÛ¡¢ÎÄÕµÈ)Ϊ¶ñÒâµÄXSS½Å±¾£¬È»ºóÓû§·ÃÎÊwp¾Í»áÖÐÕС£Õâ¸öºÜºÃÀí½â£¬Ö»ÊÇÂú×ãÕâÑù¹¥»÷³¡¾°µÄÌ«ÉÙÁË……ËùÒÔÕâµÚÒ»¸öCVEÌ«ºöÓÆ¡£
¡¡¡¡µÚ¶þ¸ö£ºMultiple Cross Site scripting Vulnerabilities in ‘setup-config.php’ page
¡¡¡¡ÎÒд³öÁËPOCÁË£¬ÔÀíÊDZ±¾©ÖªµÀ´´Óî´óÅ£ÒÔÇ°·¢µÄһƪ¡¶»ùÓÚCSRFµÄXSS¹¥»÷¡·£¬×îеĻ¹ÓÐЧ(¹Ù·½Ó¦¸Ã²»»á·¢²¼²¹¶¡)£¬Ö»ÊÇÕâ¸ö³¡¾°ºÍµÚÒ»¸öÒ»ÑùÉٵĿÉÁ¯……²»¹ýTrust waveÓëwp¹Ù·½µÄÖصãû·ÅÔÚÕâ¡£
ÆÀÂÛ