lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060214231538.11670.qmail@securityfocus.com>
Date: 14 Feb 2006 23:15:38 -0000
From: addmimistrator@...il.com
To: bugtraq@...urityfocus.com
Subject: [myimei]WordPress2.0.0~autorswebsite~XSS attack


>>>>original advisory<<<<<
http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14
>>>>><<<<<>>>>>><<<<<>>>>
——————-Summary—————-
Software: WordPress
Sowtware’s Web Site: http://www.wordpress.org
Versions: 2.0.0
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: <strong>imei addmimistrator</strong>
Risk Level: <strong>Low</strong>
—————–Description—————
There is some security bug in most poweful and common Blog Software, WordPress 2.0.0 (latest version) that allows attacker performe an <strong>XSS</strong> attack.<!--more--> bug is in result of poor checking quotations for user suplied variables in author's website for not logged in users.
————–Exploit———————-
Here is an example, but a good scenario can exploit better.
goto a post,comment section
fill all fields correctly, but <strong>author's website</strong>:
<strong>" onfocus="alert(1)" onblur="alert(1)</strong>
note to first coutation and loosed qoutation at end {for good exploit}
any user that want to fill author website's field an alert will show;
————–Solution———————
Disable Comments for posts while vendor not provided patch.
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
security.myimei.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ