| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f4cd4c010612300933u6158edf2y334594c11af233ef@mail.gmail.com> Date: Sat, 30 Dec 2006 17:33:51 +0000 From: "David Kierznowski" <david.kierznowski@...il.com> To: codeshepherd@...il.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: WordPress Persistent XSS Deepan, Please see my most recent post: http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/ David On 30/12/06, Deepan <codeshepherd@...il.com> wrote: > On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote: > > Vulnerability Title: WordPress Persistent XSS > > Author: David Kierznowski > > Homepage: http://michaeldaw.org > > Software Vendor: WordPress Persistent XSS > > Versions affected: Confirmed in v2.0.5 (latest) > > > > See homepage for more details. > > > > WordPress was contacted: 26/12/06 22:04 BST > > Reply received: 27/12/06 06:11 BST > > WordPress has fixed this for v2.0.6, see > > http://trac.wordpress.org/changeset/4665 > > > Dont you need admin privileges to access the templates.php url ? > I am overseeing anything ? > > > > -- > ----------------------------------------------- > Regards > Deepan Chakravarthy N > http://www.codeshepherd.com/ > http://sudoku-solver.net/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists