[wp-hackers] Reputed XSS issue with WordPress (templates.php)

Elliotte Harold elharo at metalab.unc.edu
Tue Feb 13 17:59:21 GMT 2007


Alex Günsche wrote:

> With the same arguments, you could say that other managing actions which
> are triggered by a GET request are vulnerable to XSS attacks.

Very possibly they are. Managing actions should not be triggered by GET 
requests. Full stop.

I doubt we've seen the last or the worst of these attacks.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/


More information about the wp-hackers mailing list