[wp-hackers] Reputed XSS issue with WordPress (templates.php)
robin.adr at gmail.com
Tue Feb 13 16:02:43 GMT 2007
That's hardly a security problem... if someone has the ability to edit
files, they can do much more than that.

On 2/13/07, Alex Günsche <ag.ml2007 at zirona.com> wrote:
> Today, SecurityFocus reports a Cross-Site Scripting vulnerability for
> WordPress (http://www.securityfocus.com/bid/22534).
>
> However, (at least in my opinion) this is not a real security issue,
> because a user who wants to execute the URL given in the PoC exploit
> code must be logged in and have at least the capability to edit files.
> If the user is not logged in, he will be asked to do so; if he doesn't
> have the capabilities to edit files, the script will abort immediately.
> Please see wp-admin/templates.php, ll. 37-60, especially ll. 40-41.
>
> So, it might be possible that a user can inject JS via the URL as
> displayed in the PoC, but when he is able to do this, he would actually
> be able to write the JS into one of the other WP files anyway (given
> they are server-writable). The capability of editing files is usually a
> privilege to administrators in WordPress.
>
> Best regards,
> Alex Günsche
>
> Alex Günsche, Zirona OpenSource-Consulting
> work: http://www.zirona.com/ | leisure: http://www.roggenrohl.net
> PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc