WordPress Plugin Social Warfare Vulnerability Security Advisory

Published: 2019-03-25

Vulnerability ID and severity

CVE ID: none yet; severity: high; CVSS score: not officially rated

Affected scope

Affected products:

Social Warfare plugin v3.5.1 and v3.5.2

Vulnerability overview

This stored cross-site scripting (XSS) vulnerability exists in the WordPress plugin "Social Warfare". It allows a remote, unauthenticated attacker to execute JavaScript code stored in the WordPress site's database.

After it was confirmed that the vulnerable plugin, which currently has more than 70,000 installations, was being actively exploited in the wild, "Social Warfare" was removed from the WordPress plugin repository and added back once the development team had released a patch fixing the issue. Download history information for the "Social Warfare" plugin from the WordPress plugin repository shows roughly 19K downloads recorded that day, but a considerable number of sites are still running vulnerable versions of Social Warfare.




ÄúÄܹ»ÔÚ½Ó¼ûÈÕÖ¾ÖвéÕÒÖ¸ÏòÈκÎPHPÎļþ/ wp-admin /µÄÒªÇóÒÔ¼°ÒÔϲÎÊý£º

swp_debug

swp_url

Researchers saw a large number of exploitation attempts coming from more than a hundred different IPs.
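The access-log check described above can be scripted. The following is an added example, not code from the advisory or from the plugin's developers; it assumes Combined Log Format access logs, and the sample lines, IP addresses and parameter values in it are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3}')
ADMIN_PHP = re.compile(r"/wp-admin/.*\.php$")
SUSPECT_PARAMS = {"swp_debug", "swp_url"}  # parameter names given in the advisory

def suspicious_hit(line):
    """Return (ip, time, path, params) if the request matches the advisory, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, when, target = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if not ADMIN_PHP.search(path):
        return None
    # parse_qs percent-decodes names, so swp%5Fdebug is matched as well.
    names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    found = sorted(names & SUSPECT_PARAMS)
    return (ip, when, path, found) if found else None

def hits_by_ip(lines):
    """Group matching requests by source address."""
    grouped = defaultdict(list)
    for line in lines:
        hit = suspicious_hit(line)
        if hit:
            grouped[hit[0]].append(hit[1:])
    return dict(grouped)

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE = [
    '203.0.113.7 - - [22/Mar/2019:10:01:02 +0000] "GET /wp-admin/admin-post.php?swp_debug=PLACEHOLDER&swp_url=https%3A%2F%2Fexample.invalid%2Fp.txt HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [22/Mar/2019:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?swp%5Fdebug=PLACEHOLDER&swp%5Furl=PLACEHOLDER HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [22/Mar/2019:11:30:00 +0000] "GET /blog/wp-admin/index.php?swp_url=PLACEHOLDER HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.10 - - [22/Mar/2019:11:31:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 90 "-" "-"',
    '192.0.2.10 - - [22/Mar/2019:11:32:00 +0000] "GET /wp-content/themes/x/style.css?swp_url=1 HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in sorted(hits_by_ip(SAMPLE).items()):
        print(ip, len(hits), "matching request(s)")
        for when, path, params in hits:
            print("   ", when, path, ",".join(params))
```

Only parameters sent in the query string appear in access logs, so this check does not see values submitted in a POST body.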




The attackers inject a malicious JavaScript script by loading the URL https://pastebin.com/raw/0yJzqbYf, which contains the malicious payload.




This script redirects users to another malicious site.


Remediation recommendations


All sites using the "Social Warfare" plugin are advised to update to the latest version, v3.5.3: https://wordpress.org/support/topic/malware-into-new-update/#post-11341492


References


https://www.bleepingcomputer.com/news/security/zero-day-wordpress-plugin-vulnerability-used-to-add-malicious-redirects/


https://blog.sucuri.net/2019/03/zero-day-stored-xss-in-social-warfare.html?utm_source=Twitter&utm_medium=Social&utm_campaign=Blog&utm_term=EN&utm_content=zero-day-stored-xss-in-social-warfare