[wp-hackers] Reputed XSS issue with WordPress (templates.php)
Elliotte Harold
elharo at metalab.unc.edu
Tue Feb 13 17:59:21 GMT 2007
Alex Günsche wrote:
> With the same arguments, you could say that other managing actions which
> are triggered by a GET request are vulnerable to XSS attacks.
Very possibly they are. Managing actions should not be triggered by GET
requests. Full stop.
I doubt we've seen the last or the worst of these attacks.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/