[wp-hackers] FW: Wordpress All versions XSS

wordpress at nazgul.nu wordpress at nazgul.nu
Wed May 2 20:19:18 GMT 2007

-----Original Message-----
From: jcarlos.norte at gmail.com [mailto:jcarlos.norte at gmail.com] 
Sent: woensdag 2 mei 2007 2:11
To: bugtraq at securityfocus.com
Subject: Wordpress All versions XSS

Advisory by Jose Carlos Norte

Wordpress is vulnerable to XSS attacks when custom 404 pages are used by the

The problem (sidebar.php):

<form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];

if wordpress template use custom 404 pages, like:

<?php get_header(); ?>

        <div id="content" class="narrowcolumn">

                <h2 class="center">Error 404 - Not Found</h2>


<?php get_sidebar(); ?>

$_SERVER['PHP_SELF']; can contain special characters to break out html and
perform XSS attacks, example:


if no custom 404 page set by wordpress theme this attacks is not posible.

More information about the wp-hackers mailing list