Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Wordpress default theme XSS (admin) and other problems Jun 08 2007 01:15PM
John Smith (zamolx3 gmail com)
There is an XSS in the Wordpress default theme. Tested on WordPress version 2.2

Filename functions.php, line 387.
Code:

<form style="display: inline" method="post" name="hicolor"
id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

$_SERVER['REQUEST_URI'] is directly echoed to the user.
...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus