Bugtraq: [myimei]WordPress2.0.0~autorswebsite~XSS attack

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

[myimei]WordPress2.0.0~autorswebsite~XSS attack

From: addmimistrator () gmail com
Date: 14 Feb 2006 23:15:38 -0000

original advisory<<<<<

http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14

<<<<<>>>>>><<<<<>>>>

-Summary-
Software: WordPress
Sowtwares Web Site: http://www.wordpress.org
Versions: 2.0.0
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: <strong>imei addmimistrator</strong>
Risk Level: <strong>Low</strong>
Description
There is some security bug in most poweful and common Blog Software, WordPress 2.0.0 (latest version) that allows 
attacker performe an <strong>XSS</strong> attack.<!--more--> bug is in result of poor checking quotations for user 
suplied variables in author's website for not logged in users.
Exploit-
Here is an example, but a good scenario can exploit better.
goto a post,comment section
fill all fields correctly, but <strong>author's website</strong>:
<strong>" onfocus="alert(1)" onblur="alert(1)</strong>
note to first coutation and loosed qoutation at end {for good exploit}
any user that want to fill author website's field an alert will show;
Solution
Disable Comments for posts while vendor not provided patch.
Credit
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
security.myimei.com

By Date By Thread

Current thread:

[myimei]WordPress2.0.0~autorswebsite~XSS attack addmimistrator (Feb 15)