Message-ID: <45FFF6C3.8060003@metaeye.org>
Date: Tue, 20 Mar 2007 20:29:15 +0530
From: Metaeye SG <contact@...aeye.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Advisory - Redirection Vulnerability in wp-login.php.

Vendor
------
Wordpress (http://www.wordpress.org).

Severity
--------
Moderate.

Dated
-----
03 March 2007.

Versions Affected
-----------------
All.

Issue
-----
The wp-login.php page redirects a user to an arbitrary page after a successful login, taking the destination from the redirect_to URL parameter without checking it. For example, if a user logs in successfully with his credentials on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

he will be redirected to www.google.co.in.

Impact
------
This can lead to credential theft. Cookie theft is also possible when coupled with certain browser bugs.

Vendor Status
-------------
Reported on 03 March 2007. A fix will be made available in the next version.

--
MSG // http://www.metaeye.org
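The defensive counterpart to the issue above is to validate redirect_to before honouring it: accept only a same-site relative path or an absolute URL whose host is the site's own, and fall back to a fixed page otherwise. The following is an added example written for this page, not WordPress code; the site host www.foo.com and the fallback target /wp-admin/ are assumed values, and the test inputs are constructed.

```python
from urllib.parse import urlsplit

# Assumed values for this example (not from the advisory or WordPress).
SITE_HOST = "www.foo.com"
DEFAULT_TARGET = "/wp-admin/"


def safe_redirect(redirect_to, site_host=SITE_HOST, default=DEFAULT_TARGET):
    """Return redirect_to only if it stays on site_host, else default.

    Accepted forms:
      * a relative path starting with a single '/' (not '//', which browsers
        treat as a scheme-relative URL to another host), or
      * an absolute http/https URL whose parsed host equals site_host.
    Anything else (foreign host, other schemes, backslash or control-character
    tricks) is replaced by the fixed default page.
    """
    if not redirect_to:
        return default
    target = redirect_to.strip()
    # Some browsers treat '\' as '/' and drop tabs/newlines inside URLs, so
    # refuse those characters rather than trying to normalise them.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return default
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require exactly one leading slash.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme not in ("http", "https"):
        return default
    # urlsplit strips userinfo and port from .hostname and lower-cases it,
    # so forms like http://www.foo.com@other.example/ compare as other.example.
    if (parts.hostname or "").lower() != site_host.lower():
        return default
    return target
```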