[wp-hackers] Security Vulnerability found - Forum Post
john at sinteur.com
Wed Apr 13 15:43:45 GMT 2005
On Apr 13, 2005, at 17:29, Mike Little wrote:
>> In essence, the 'exploit' is that a registered user with posting
>> executed or the iframe be visible in any reader's browser!
Consider this scenario:
on a weblog, "options - general" the owner has checked: "anyone can
in "options - writing" the owner has checked "Newly registered members:
May submit drafts for review" (or worse "May publish articles" but
let's forget about that for now)
attempts to steal the admin cookie.
Owner logs on, sees a new draft, clicks on it to view, and has just
lost his weblog.