Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Wordpress default theme XSS (admin) and other problems
From: "John Smith" <zamolx3 () gmail com>
Date: Fri, 8 Jun 2007 16:15:38 +0300

There is an XSS in the Wordpress default theme. Tested on WordPress version 2.2

Filename functions.php, line 387.

<form style="display: inline" method="post" name="hicolor"
id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

$_SERVER['REQUEST_URI'] is directly echoed to the user.

This problem can be exploited if the adminstrator is logged in.

Sample exploit URL.

There are other XSS vulnerabilities in popular Wordpress themes.
More details on http://www.xssnews.com/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Wordpress default theme XSS (admin) and other problems John Smith (Jun 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]