From f17b4da67463fb333ebba5f2ea71162b81822bea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:47:01 +0000
Subject: [PATCH 01/11] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20Exit=20Strategy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cve/Exit Strategy/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 cve/Exit Strategy/.keep
diff --git a/cve/Exit Strategy/.keep b/cve/Exit Strategy/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From ae672e33bdeb17c10682bfa17cd8f34e183a78d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:47:23 +0000
Subject: [PATCH 02/11] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2013-10025?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cve/Exit Strategy/CVE-2013-10025/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 cve/Exit Strategy/CVE-2013-10025/.keep
diff --git a/cve/Exit Strategy/CVE-2013-10025/.keep b/cve/Exit Strategy/CVE-2013-10025/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 74594a647b8901d6243f40dd4fe4f6f52204fd5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:48:19 +0000
Subject: [PATCH 03/11] add cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
.../CVE-2013-10025/CVE-2013-10025.php | 42 +++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php
diff --git a/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php b/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php
new file mode 100644
index 00000000..d0ee8f03
--- /dev/null
+++ b/cve/Exit Strategy/CVE-2013-10025/CVE-2013-10025.php
@@ -0,0 +1,42 @@
+@@ -3,18 +3,21 @@
+/**
+ * @package Wordpress Exit Strategy
+ * @author Bouzid Nazim Zitouni
+ * @version 1.55
+ * @version 1.59
+ */
+/*
+Plugin Name: Wordpress Exit Strategy
+Plugin URI: http://angrybyte.com/wordpress-plugins/wordpress-exit-strategy/
+Description: Exit Strategy will pass all outgoing links from your site through a nofollow link to an exit page before finally being redirected to the external link. You may place anything in your exit page: Ads, Subscribtion buttons, etc. Using Wordpress Exit Strategy you improve your SEO score by not linking directly to external pages, you get more subscribers & more revenues if you use Ads.
+Author: Bouzid Nazim Zitouni
+Version: 1.55
+Version: 1.59
+Author URI: http://angrybyte.com
+*/
+
+
+if(!function_exists('add_action')){
+ echo ""; // someone is trying to run the plugin directly, added to avoid full path disclosure.
+ die;
+}
+add_option("exitpagecontents",
+ 'Thank you for your visit, You`ll be redirected in %n% seconds
Click here if you are not redirected automatically',
+ 'Contents of the Exit page', 'yes');
+@@ -35,7 +38,7 @@ function exitpageadmin()
+function exit_page_admin()
+{
+
+ if ($_POST['xx'])
+ if (($_POST["xx"])&& (is_admin())&& check_admin_referer( 'exit_strategy_save', 'exit_strategy_nonce' ))
+ {
+ update_option('exitpagecontents', $_POST['xx']);
+ update_option('redirecttoparent', $_POST['redirectpar']);
+@@ -83,7 +86,7 @@ function exit_page_admin()
+ {
+ echo "";
+ }
+
+ wp_nonce_field( 'exit_strategy_save','exit_strategy_nonce' );
+ echo <<< EOFT
+
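Review bot: The file added as `CVE-2013-10025.php` is a pasted excerpt of the upstream fix diff rather than PHP source: it keeps the inner hunk headers (`@@ -3,18 +3,21 @@`, `@@ -35,7 +38,7 @@`, `@@ -83,7 +86,7 @@`) and carries both the pre-fix `if ($_POST['xx'])` and the post-fix nonce-checked condition with their `+`/`-` markers lost, so a reader cannot tell which line is the vulnerable one and the file will not parse. Storing it as a `.diff` with the markers intact, or as the fixed `exit_page_admin()` alone, would make the record usable. On the fixed condition itself, `is_admin()` only reports that an admin screen was requested and is not an authorization check; the CSRF protection comes from `check_admin_referer()`, and I would pair it with a capability check such as `current_user_can( 'manage_options' )` (capability to be confirmed for this plugin) and sanitize `$_POST['xx']` before it reaches `update_option()`. The body of `exit_page_admin()` continues outside the excerpt.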
-- Gitee
From cc49df309bc533b41a074d25d497c9475b6c1113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:48:51 +0000
Subject: [PATCH 04/11] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy/CVE-2013-10025/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cve/Exit Strategy/CVE-2013-10025/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 cve/Exit Strategy/CVE-2013-10025/.keep
diff --git a/cve/Exit Strategy/CVE-2013-10025/.keep b/cve/Exit Strategy/CVE-2013-10025/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 9a6f9fb5017a16d6a12b5e720ddd4419b62ea5d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:50:39 +0000
Subject: [PATCH 05/11] add cve/Exit Strategy/CVE-2013-10025/READ ME.md.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
cve/Exit Strategy/CVE-2013-10025/READ ME.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 cve/Exit Strategy/CVE-2013-10025/READ ME.md
diff --git a/cve/Exit Strategy/CVE-2013-10025/READ ME.md b/cve/Exit Strategy/CVE-2013-10025/READ ME.md
new file mode 100644
index 00000000..e69de29b
-- Gitee
From c9c2bd453d977bad675c15c176fc22c1d97dd7eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:50:51 +0000
Subject: [PATCH 06/11] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cve/Exit Strategy/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 cve/Exit Strategy/.keep
diff --git a/cve/Exit Strategy/.keep b/cve/Exit Strategy/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 9731884de359db82f31c952513f0ce09f6d09aad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:50:56 +0000
Subject: [PATCH 07/11] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20yaml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cve/Exit Strategy/yaml/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 cve/Exit Strategy/yaml/.keep
diff --git a/cve/Exit Strategy/yaml/.keep b/cve/Exit Strategy/yaml/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 48a2dbb4faf466f587be20245c283a1e67791575 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:51:23 +0000
Subject: [PATCH 08/11] add cve/Exit Strategy/yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
cve/Exit Strategy/yaml/CVE-2013-10025.yaml | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 cve/Exit Strategy/yaml/CVE-2013-10025.yaml
diff --git a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 22246a0ad304fc0eb8427adf20cac1c27eeb0465 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:55:38 +0000
Subject: [PATCH 09/11] update cve/Exit Strategy/yaml/CVE-2013-10025.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
cve/Exit Strategy/yaml/CVE-2013-10025.yaml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
index e69de29b..6206c59f 100644
--- a/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
+++ b/cve/Exit Strategy/yaml/CVE-2013-10025.yaml
@@ -0,0 +1,21 @@
+id: CVE-2013-10025
+source: https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac
+info:
+ name: Exit Strategy Plugin 1.55
+ severity: medium
+ description: |
+ 在Exit Strategy Plugin 1.55中发现一个漏洞,并将其归类为有问题。受此问题影响的是文件exitpage.php中的函数exitpageadmin。该操作会导致跨站请求伪造。该攻击可能是远程发起的。升级到1.59版本能够解决这个问题。
+ scope-of-influence:
+ Docker 20.10.15, build fd82621
+ reference:
+ - https://github.com/wp-plugins/exit-strategy/commit/d964b8e961b2634158719f3328f16eda16ce93ac
+ - https://vuldb.com/?ctiid.225266
+ - https://vuldb.com/?id.225266
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2013-10025
+ cwe-id: CWE-352
+ cnvd-id: None
+ kve-id: None
+ tags: Exit Strategy
\ No newline at end of file
-- Gitee
From 15029974a7c8ac3f7a0f2551853925ec602e66ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:55:47 +0000
Subject: [PATCH 10/11] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/Exit=20Strategy/yaml/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
cve/Exit Strategy/yaml/.keep | 0
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 cve/Exit Strategy/yaml/.keep
diff --git a/cve/Exit Strategy/yaml/.keep b/cve/Exit Strategy/yaml/.keep
deleted file mode 100644
index e69de29b..00000000
-- Gitee
From 93021199397d027498d3007b58528c5fca28e213 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8E=8B=E4=B8=80=E5=90=8D?=
Date: Tue, 11 Apr 2023 07:57:09 +0000
Subject: [PATCH 11/11] update other_list.yaml.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 王一名
---
other_list.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/other_list.yaml b/other_list.yaml
index ede901d9..1a41f3fc 100644
--- a/other_list.yaml
+++ b/other_list.yaml
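Review bot: In `cve/Exit Strategy/yaml/CVE-2013-10025.yaml`, `scope-of-influence` is set to `Docker 20.10.15, build fd82621`, which looks like a leftover from another entry's template and does not describe a WordPress plugin. Going by the entry's own description, the affected release is Exit Strategy 1.55 with the fix in 1.59, so the field should read something like `Exit Strategy 1.55 (fixed in 1.59)`; whether releases before 1.55 are also affected is not stated here and should be confirmed against the linked advisory. The `name` field carries only the product and version, so adding the weakness, e.g. `name: Exit Strategy Plugin 1.55 CSRF in exitpageadmin`, would make the entry easier to find. The file also ends without a trailing newline.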
@@ -58,5 +58,7 @@ cve: - CVE-2022-30525 WordPress: - CVE-2019-8942 + Exit Strategy: + - CVE-2013-10025 cnvd: -- Gitee