Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
Wordpress All versions XSS
May 02 2007 12:11AM
jcarlos norte gmail com
Advisory by Jose Carlos Norte
Wordpress is vulnerable to XSS attacks when custom 404 pages are used by the template.
The problem (sidebar.php):
<form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">
if wordpress template use custom 404 pages, like:
<?php get_header(); ?>
<div id="content" class="narrowcolumn">
<h2 class="center">Error 404 - Not Found</h2>
</div>
<?php get_sidebar(); ?>
$_SERVER['PHP_SELF']; can contain special characters to break out html and perform XSS attacks, example:
http://www.example.com/index.php/"><script>alert(document.cookie)</scrip
t>
if no custom 404 page set by wordpress theme this attacks is not posible.
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Wordpress is vulnerable to XSS attacks when custom 404 pages are used by the template.
The problem (sidebar.php):
<form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">
if wordpress template use custom 404 pages, like:
<?php get_header(); ?>
<div id="content" class="narrowcolumn">
<h2 class="center">Error 404 - Not Found</h2>
</div>
<?php get_sidebar(); ?>
$_SERVER['PHP_SELF']; can contain special characters to break out html and perform XSS attacks, example:
http://www.example.com/index.php/"><script>alert(document.cookie)</scrip
t>
if no custom 404 page set by wordpress theme this attacks is not posible.
[ reply ]