[wp-hackers] Rethinking check_admin_referer()
David House
dmhouse at gmail.com
Tue Apr 18 09:11:40 GMT 2006
On 18/04/06, Paul Mitchell <wp-hackers at paul-mitchell.me.uk> wrote:
> My bug report for this flaw would be "In all known versions of
> WordPress, anyone trusted to write a draft can also nuke the blog" and I
> would classify it "critical security". I'm glad I don't have to fix this
> one.
How about this:
1) Admin writes a post.
2) Malicious user leaves a comment with an "image", whose source
redirects to http://yoursite.com/wp-admin/post.php?action=delete&post=123
3) Admin logs in
4) Manage -> Comments
5) Post is deleted.
No need to be able to create drafts.
--
-David House, dmhouse at gmail.com, http://xmouse.ithium.net
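The forged-request vector described above, with the kind of nonce check that defeats it, as an added Python sketch that is not WordPress's own check_admin_referer() code: the nonce is bound to the logged-in user, the specific action and object, and a time window, and the delete handler refuses anything that is not a POST carrying a valid nonce. SECRET_KEY, NONCE_LIFETIME, the `_wpnonce` parameter name and the request dict shape are assumptions made for the example.

```python
import hmac
import hashlib
import secrets
import time

# Constructed server-side secret; a real deployment loads this from config, never from the request.
SECRET_KEY = secrets.token_bytes(32)
NONCE_LIFETIME = 12 * 3600  # seconds; the nonce rotates every half day


def _tick(now):
    return int(now // NONCE_LIFETIME)


def _digest(tick, user_id, action):
    msg = f"{tick}|{user_id}|{action}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:16]


def create_nonce(user_id, action, now=None):
    """Nonce tied to user, action+object (e.g. 'delete-post_123') and the current time tick."""
    now = time.time() if now is None else now
    return _digest(_tick(now), user_id, action)


def verify_nonce(nonce, user_id, action, now=None):
    """Accept the current or previous tick so a form rendered just before rollover still works."""
    now = time.time() if now is None else now
    for tick in (_tick(now), _tick(now) - 1):
        if nonce and hmac.compare_digest(nonce, _digest(tick, user_id, action)):
            return True
    return False


def handle_delete(request, user_id):
    """Return an HTTP status for post.php?action=delete; only a nonce-bearing POST gets through."""
    if request["method"] != "POST":
        return 405  # an <img> fetch or redirect is a GET with cookies only, so it stops here
    post_id = request["params"].get("post", "")
    nonce = request["params"].get("_wpnonce", "")
    if not verify_nonce(nonce, user_id, f"delete-post_{post_id}"):
        return 403  # right cookies, but no proof the admin's own page issued this request
    return 200


# Constructed request as the "image" in the comment would trigger it: browser sends the admin's
# session cookies, but the attacker cannot know or attach a valid nonce.
FORGED_GET = {"method": "GET", "params": {"action": "delete", "post": "123"}}
```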