亘古

SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
=======================================================================
title: Multiple SQL Injection Vulnerabilities
product: WordPress
vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
fixed version: 3.1.4/3.2-RC3
impact: Medium
homepage: http://wordpress.org/
found: 2011-06-21
by: K. Gudinavicius
SEC Consult Vulnerability Lab

https://www.sec-consult.com

=======================================================================

Vendor description:
——————-
“WordPress was born out of a desire for an elegant, well-architectured
personal publishing system built on PHP and MySQL and licensed under
the GPLv2 (or later). It is the official successor of b2/cafelog.
WordPress is fresh software, but its roots and development go back to
2001.”

Source: http://wordpress.org/about/

Vulnerability overview/description:
———————————–
Due to insufficient input validation in certain functions of WordPress
it is possible for a user with the “Editor” role to inject arbitrary
SQL commands. By exploiting this vulnerability, an attacker gains
access to all records stored in the database with the privileges of the
WordPress database user.
(更多…)

今天，闲来没事，就到订阅的BLOG去逛了逛，当逛到陈成的博客时，发现一个好东东，呵呵。下面就是言冬发现的好东东“CSS 溢出检测脚本”了。

使用很简单，只要在地址栏运行以下脚本即可。

文本＋图片

1

javascript:(function(){var f=[],h=document;(function(n){var p=arguments.callee,l=n.childNodes,m=0,k=l.length;for(;m<k;m++){var o=l[m];if(o.nodeType===1){p(o)}else{if(o.nodeType===3){f.push(o)}}}})(h.body);for(var d=0;d<f.length;d++){var b=f[d],j=b.nodeValue.replace(/^\s+|\s+$/g,""),c=h.createTextNode(j);if(j!==""&&j.length!==1){b.parentNode.insertBefore(c,b)}}var g=document.images,a=0,e=g.length;for(;a<e;a++){g[a].src="http://www.yoobao.com/shoppic/2010410425118938.jpg"}})();

只文本

1

javascript:(function(){var list=[],doc=document;(function(parent){var func=arguments.callee,nodes=parent.childNodes,i=0,len=nodes.length;for(;i<len;i++){var node=nodes[i];if(node.nodeType===1){func(node);}else if(node.nodeType===3){list.push(node);}}})(doc.body);for(var i=0;i<list.length;i++){var node=list[i],value=node.nodeValue.replace(/^\s+|\s+$/g,''),tmpNode=doc.createTextNode(value);if(value!==''&&value.length!==1){node.parentNode.insertBefore(tmpNode,node);}}})();

只图片

1

javascript:(function(){var images=document.images,n=0,len=images.length;for(;n<len;n++){images[n].src='http://www.yoobao.com/shoppic/2010410425118938.jpg';}})();

最后，友情提示下：

此工具不可滥用，并非所有地方都要考虑溢出的扩展性。

原文地址：http://www.chencheng.org/blog/archives/css-overflow-test-script.html

这里我用的是引入WP的本地Jquery库做的例子。多了就不说了，直接上代码：

1
2
3
4
5

<script src=http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js></script>
<script>
//判断是否成功将Jquery库引入，如果没有成功引入则引入本地Jquery库
if (typeof jQuery == 'undefined') {document.write("<script type=\"text/javascript\" src=\"<?php bloginfo('template_url'); ?>/js/jquery.min.js\"><\/script>");}
</script>