[wp-hackers] Security Vulnerability found - Forum Post
John Sinteur
john at sinteur.com
Wed Apr 13 15:43:45 GMT 2005
On Apr 13, 2005, at 17:29, Mike Little wrote:
>> In essence, the 'exploit' is that a registered user with posting
>> permission can include any HTML, including javascript or an iframe,
>> in a post title or a post body. This javascript would then be
>> executed or the iframe be visible in any readers browser!
>>
Consider this scenario:
on a weblog, "options - general" the owner has checked: "anyone can
register"
in "options - writing" the owner has checked "Newly registered members:
May submit drafts for review" (or worse "May publish articles" but
let's forget about that for now)
Malicious user registers, writes a draft article, where the javascript
attempts to steal the admin cookie.
Owner logs on, sees a new draft, clicks on it to view, and has just
lost his weblog.
-John
More information about the wp-hackers
mailing list