[wp-hackers] Reputed XSS issue with WordPress (templates.php)

Bas Bosman wordpress at nazgul.nu
Tue Feb 13 18:21:50 GMT 2007


>> Any managing action which allows custom JavaScript to be directly
>> executed from a request is an XSS vulnerability and should be fixed.
>
> I didn't get XSS with the sample exploit link. Once I clicked through
> the AYS though, I got another AYS and XSS. We just need to
> specialchars the output of wp_explain_nonce().

That's indeed the best fix for this issue, but I hope my other mail
proved that this can be used for XSS. (That the original exploit code
didn't do much doesn't mean it can't be adapted.)

Regards,
Bas Bosman (Nazgul)


