============================================================
Title: WordPress XSS and HTML injection
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 12/04/2005
Severity: Medium. users can obtain cookies of other users and defacement website
Affected version: <= 1.5
============================================================
============================================================
*Summary
http://wordpress.org. Wordpress is a popular blogging system built on
PHP (the scripting language) and is licensed under the GPL. It is free
software supported by a large and vibrant community of users. You can
use WordPress as a stand-alone application to publish your web log, or
incorporate its functionality into an existing site.
============================================================
*Problem Description:
Bug is in the content and title of post, when not controlling the
entrance of characters, being able to inject HTML code
============================================================
*Example:
Type in the title or content of post
Title: WordPress XSS and HTML injection
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 12/04/2005
Severity: Medium. users can obtain cookies of other users and defacement website
Affected version: <= 1.5
============================================================
============================================================
*Summary
http://wordpress.org. Wordpress is a popular blogging system built on
PHP (the scripting language) and is licensed under the GPL. It is free
software supported by a large and vibrant community of users. You can
use WordPress as a stand-alone application to publish your web log, or
incorporate its functionality into an existing site.
============================================================
*Problem Description:
Bug is in the content and title of post, when not controlling the
entrance of characters, being able to inject HTML code
============================================================
*Example:
Type in the title or content of post
<script>alert(document.cookie)</script>
<iframe src=http://othersite/sb.php>
============================================================
*Fix:
wordpress\wp-includes\template-functions-post.php
function get_the_title($id = 0) {
.
.
.
return $title;
}
replace for by function
function get_the_title($id = 0) {
.
.
.
$sb_convert = $output;
$sb_input = array("<",">","(",")");
$sb_output = array("<",">","(",")");
$output = str_replace($sb_input, $sb_output, $sb_convert);
return $title;
}
function get_the_content($more_link_text = '(more...)', $stripteaser =
0, $more_file = '') {
.
.
.
return $output;
}
replace for by function
function get_the_content($more_link_text = '(more...)', $stripteaser =
0, $more_file = '') {
.
.
.
$sb_convert = $output;
$sb_input = array("<",">","(",")");
$sb_output = array("<",">","(",")");
$output = str_replace($sb_input, $sb_output, $sb_convert);
return $output;
}
============================================================
--
SoulBlack - Security Research
http://www.soulblack.com.ar
[ reply ]