Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com
From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 13 Nov 2007 18:47:32 -0800

On 13 Nov 07, at 18:08, XSS Worm XSS Security Information Portal wrote:
We have looked at coding for wp-slimstat but we cannot see any  
problem with
input validating. Maybe some of the xssworm.com readers can show us  
where
problem is in the php code because we cannot see any porblem here:

OK, I'll bite...

<snip>
href="?page='.$_GET['page'].'&panel='.$_GET["panel"].'">'.__('Reset
filters', 'wp-slimstat').'</a>':").'
<input type="hidden" name="page" value="'.$_GET['page'].'" />
<input type="hidden" name="panel" value="'.$_GET["panel"].'" />
<input type="hidden" name="fd" value="'.$_GET["fd"].'" /></form>';

Those all look like you could escape from the tag attribute with a  
well-placed double quote, assuming that there's no preprocessing on  
$_GET.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]