[wp-hackers] Reputed XSS issue with WordPress (templates.php)
Bas Bosman
wordpress at nazgul.nu
Tue Feb 13 17:37:07 GMT 2007
> On Tue, 2007-02-13 at 17:44 +0100, Bas Bosman wrote:
>> This can be triggered by users without the edit files capability. You
>> just
>> have to trick somebody with that capability to click that specially
>> crafted link, by mailing a link or posting it in a comment for instance.
>
> Maybe so, but doesn't this fall into the "social engineering" category?
>
> With the same arguments, you could say that other managing actions which
> are triggered by a GET request are vulnerable to XSS attacks.
Yes, but that's why they're called cross-site scripting attacks. They can
be triggered from other sites.
Any managing action which allows custom JavaScript to be directly executed
from a request is a XSS vulnerability and should be fixed.
Regards,
Bas Bosman (Nazgul)
More information about the wp-hackers
mailing list