Some of my sites have been flagged by a security scanner as being vulnerable to client-side HTTP parameter pollution. The security department says that this must be fixed. How can I protect against this in WordPress? Any help is greatly appreciated!
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the response within the query string of a URL.
The payload wzx&sfy=1 was submitted in the name of an arbitrarily supplied URL parameter. This input was echoed as wzx&sfy=1 within the "action" attribute of a "form" tag.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary query string parameters into URLs in the application's response.
Request
GET [removed]?wzx%26sfy%3d1=1 HTTP/1.1
Host: [removed]
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Connection: close
Referer: [removed]
Response
HTTP/1.1 200 OK
Date: Thu, 09 Jul 2020 00:44:05 GMT
Server: Apache
Link: <[removed]?p=35>; rel=shortlink
Strict-Transport-Security: max-age=31557600; preload
Vary: Accept-Encoding,User-Agent
X-Frame-Options: SAMEORIGIN
Content-Length: 28294
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ".dtd">
<html xmlns="; lang="en-US" xml:lang="en-US">
<hea
...[SNIP]...
<form method='post' enctype='multipart/form-data' id='gform_1' action='[removed]?wzx&sfy=1=1'>
...[SNIP]...
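The reflection the scanner reports, beside one way to close it, as an added example that is not part of the original post and not taken from WordPress or any plugin. The path `/contact/` and the allowlist of parameter names are assumptions; the query string is the one from the scanner's request above.

```php
<?php
// Added illustration; function names, path and allowlist are hypothetical.
// Constructed input: the raw query string from the scanner's request.
$raw_query = 'wzx%26sfy%3d1=1';

// parse_str() percent-decodes names and values, the same way PHP fills $_GET,
// so the parameter name now contains a literal "&" and "=".
parse_str($raw_query, $params);

// Vulnerable pattern: decoded names and values are concatenated back into a
// URL, so a decoded "&" or "=" inside a name becomes a real delimiter.
function build_action_unsafe(string $path, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }
    return $path . ($pairs ? '?' . implode('&', $pairs) : '');
}

// Hardened pattern: keep only the parameters the form expects, percent-encode
// names and values again, then escape the result for the HTML attribute.
function build_action_safe(string $path, array $params, array $allowed): string
{
    $kept  = array_intersect_key($params, array_flip($allowed));
    $query = http_build_query($kept, '', '&', PHP_QUERY_RFC3986);
    $url   = $path . ($query !== '' ? '?' . $query : '');
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

$path    = '/contact/';          // hypothetical page path
$allowed = ['p', 'page_id'];     // hypothetical allowlist of expected names

// Reproduces the echoed form action from the scanner's response.
echo "unsafe: <form action='", build_action_unsafe($path, $params), "'>\n";

// The unexpected parameter is dropped before the URL is written out.
echo "safe:   <form action='", build_action_safe($path, $params, $allowed), "'>\n";

// Without an allowlist, re-encoding alone still keeps the injected "&" and "="
// inside a single parameter name instead of splitting it in two.
echo "re-encoded query: ", http_build_query($params, '', '&', PHP_QUERY_RFC3986), "\n";
```

In a WordPress template, `esc_url()` is the usual function for the final attribute-escaping step; it leaves the percent-encoding produced by `http_build_query()` intact.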