Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Advisory - Redirection Vulnerability in wp-login.php.
From: Metaeye SG <contact () metaeye org>
Date: Tue, 20 Mar 2007 20:31:03 +0530
Vendor
------
Wordpress (http://www.wordpress.org).

Severity
--------
Moderate.

Dated
-----
03 March 2007.

Versions Affected
-----------------
All.

Issue
-----

The wp-login.php page redirects a user to arbitrary page after
successful login by setting the redirect_to url parameter.

For example if a user logins successfully with his credentials
on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

He will be redirected to www.google.co.in.

Impact
------

This can lead to credentials stealing. Also cookie stealing
is possible coupled with some browser bugs.

Vendor Status
-------------
Reported on 03 March 2007. Fix will be made available in next version.

--
MSG // http://www.metaeye.org

  By Date           By Thread  

Current thread:
  • Advisory - Redirection Vulnerability in wp-login.php. Metaeye SG (Mar 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]