wordpress - Why can't this PHP code be exploited? -


community,

i reviewing wordpress theme vulnerabilities , believe have stumbled upon one, reason not executing entire script or something.

here code:

<span style="display: none;" id="hooks"><?php echo json_encode(of_get_header_classes_array()); ?></span> <input type="hidden" id="reset" value="<?php if(isset($_request['reset'])) echo $_request['reset']; ?>" />

but reason, script stops executing , prints of code, here source looks like:

<span style="display: none;" id="hooks">

and never closes span tag. wondering why happening.

this function:

function of_get_header_classes_array()  {  global $of_options;  foreach ($of_options $value)  {     if ($value['type'] == 'heading')         $hooks[] = str_replace(' ','',strtolower($value['name']));   }  return $hooks; }

anyone know why can't perform xss inject code $_request['reset'] ?

i guessing hitting error inside of of_get_header_classes_array. check error log , make sure error_reporting turned on?

as exploitable, there might validation on reset param earlier in code. if there absolutely no validation can go town on it.


Comments

Post a Comment

Popular posts from this blog

ios - iPhone/iPad different view orientations in different views , and apple approval process -

i force app's home screen portrait , other views landscape. apple rejects app if this? if not , how force first screen launch in portrait mode? , force other screens launch in landscape. this not duplicate question search every possible answer in website. i force app's home screen portrait , other views landscape. apple rejects app if this? no apple not reject app this. have lot of apps doesn't support orientation. forcing on 1 screen won't cause app reject. if not , how force first screen launch in portrait mode? , force other screens launch in landscape. can on write : -(nsuinteger)supportedinterfaceorientations; function.
Read more

java Extracting Zip file -

i'm looking way extract zip file. far have tried java.util.zip , org.apache.commons.compress, both gave corrupted output. basically, input zip file contain 1 single .doc file. java.util.zip: output corrupted. org.apache.commons.compress: output blank file, 2 mb size. so far commercial software winrar work perfectly. there java library make use of this? this method using java.util library: public void extractzipnative(file filezip) { zipinputstream zis; stringbuilder sb; try { zis = new zipinputstream(new fileinputstream(filezip)); zipentry ze = zis.getnextentry(); byte[] buffer = new byte[(int) ze.getsize()]; fileoutputstream fos = new fileoutputstream(this.tempfolderpath+ze.getname()); int len; while ((len=zis.read(buffer))>0) { fos.write(buffer); } fos.flush(); fos.close(); } catch (filenotfoundexception e) { // todo auto-generated catch block ...
Read more

php - HTTP_REFERER woes: How can I allow access to a specific page, only when a visitor has visited another specific page beforehand? -

php newbie here, struggling crazy head around how go implementing http_referer-based security feature woefully inept downloads system. basically, have file download pages have specific string appended end of url, specific string being: ?thanks if visible in url, users able download file situated on it. works great, it's easy 'unlock' page adding '?thanks' part onto url themselves. allowing users bypass clumsy security , access premium files ease. if possible, i'd add security measure whereby attempting access page containing string '?thanks' did not arrive page containing '?pending' redirected homepage. make perfect solution me. just clarity, typical pre-download process goes this: user visits download page: [website]/download/page/123/ user completes recaptcha, gets redirected here: [website]/download/page/123/?pending user fills in details, gets redirected here: [website]/download/page/123/?thanks user receives file long-...
Read more