Wordpress <= v2.1.0



If you're logged in to WordPress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt
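
Added example (not part of the original post and not WordPress code): one way to close the gap described above is to skip comment sanitization only when a privileged request also carries an anti-forgery token bound to the session and the post. All function names, the secret and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical per-site secret, constructed for this demo.
const DEMO_SECRET = 'constructed-demo-secret';

// Token bound to the session, the action and the post, so a token issued
// for one post or one user cannot be replayed for another.
function comment_token(string $sessionId, int $postId): string {
    return hash_hmac('sha256', "comment|$sessionId|$postId", DEMO_SECRET);
}

// Returns the comment body that is safe to store and render.
function filter_comment(string $body, bool $isAdmin, string $sessionId,
                        int $postId, ?string $token): string {
    $fromOwnForm = $token !== null
        && hash_equals(comment_token($sessionId, $postId), $token);

    // Raw HTML is kept only when the user is privileged AND the request
    // proves it came from the site's own form. A forged cross-site POST
    // rides on the admin's cookie but cannot supply the token, so it
    // falls through to escaping like any other comment.
    if ($isAdmin && $fromOwnForm) {
        return $body;
    }
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests, all targeting post 7.
$sid  = 'constructed-session-id';
$body = '<em>site notice</em>';
$cases = [
    'admin, own form'             => [true,  comment_token($sid, 7)],
    'admin, no token'             => [true,  null],
    'admin, token for other post' => [true,  comment_token($sid, 8)],
    'visitor'                     => [false, null],
];
foreach ($cases as $label => [$isAdmin, $token]) {
    printf("%-28s %s\n", $label,
           filter_comment($body, $isAdmin, $sid, 7, $token));
}
```

Only the first case keeps its markup; the other three are stored escaped.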


