Full Disclosure mailing list archives

Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com
From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 13 Nov 2007 18:47:32 -0800

On 13 Nov 07, at 18:08, XSS Worm XSS Security Information Portal wrote:
We have looked at coding for wp-slimstat but we cannot see any problem with
input validating. Maybe some of the xssworm.com readers can show us
problem is in the php code because we cannot see any problem here:

OK, I'll bite...

filters', 'wp-slimstat').'</a>':").'
<input type="hidden" name="page" value="'.$_GET['page'].'" />
<input type="hidden" name="panel" value="'.$_GET["panel"].'" />
<input type="hidden" name="fd" value="'.$_GET["fd"].'" /></form>';

Those all look like you could escape from the tag attribute with a
well-placed double quote, assuming that there's no preprocessing on

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
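
The attribute breakout discussed in the message above, shown next to an encoded version of the same hidden fields. This is an added example, not code from the original post or from wp-slimstat: the helper function names are hypothetical, the request values are constructed, and only the field names `page`, `panel` and `fd` come from the quoted snippet.

```php
<?php
// Added example. Helper names are hypothetical; request values are constructed.

/** Build a hidden input by raw concatenation, as the quoted snippet does. */
function hidden_field_raw(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

/** Same field, with the value encoded for a double-quoted HTML attribute. */
function hidden_field_escaped(string $name, string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $safe . '" />';
}

/** Parse the markup and return the attributes found on the first <input>. */
function input_attributes(string $html): array
{
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed stand-in for $_GET. The "fd" value carries a double quote and a
// harmless marker attribute so the breakout is visible in the parsed result.
$get = ['page' => 'wp-slimstat', 'panel' => '1', 'fd' => 'x" data-injected="1'];

foreach (['page', 'panel', 'fd'] as $field) {
    // Array-valued parameters (?fd[]=...) are treated as empty, not concatenated.
    $value = (isset($get[$field]) && is_string($get[$field])) ? $get[$field] : '';

    $raw = input_attributes(hidden_field_raw($field, $value));
    $esc = input_attributes(hidden_field_escaped($field, $value));

    printf("%-5s raw: [%s]  escaped: [%s]\n", $field,
        implode(', ', array_keys($raw)), implode(', ', array_keys($esc)));
}
```

For `fd`, the raw version parses with an extra `data-injected` attribute on the element, while the escaped version keeps the whole string inside `value`.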
