[wp-hackers] Security Vulnerability found - Forum Post
chrisdmitri at gmail.com
Wed Apr 13 17:27:45 GMT 2005
And the owner set him/herself up for that when they checked users can
register and new users can submit drafts or post articles.
Seriously, people, exactly when do we require some sort of
accountability on the part of the user?
On 4/13/05, John Sinteur <john at sinteur.com> wrote:
> On Apr 13, 2005, at 17:29, Mike Little wrote:
> >> In essence, the 'exploit' is that a registered user with posting
> >> executed or the iframe be visible in any reader's browser!
> Consider this scenario:
> on a weblog, "options - general" the owner has checked: "anyone can
> in "options - writing" the owner has checked "Newly registered members:
> May submit drafts for review" (or worse "May publish articles" but
> let's forget about that for now)
> attempts to steal the admin cookie.
> Owner logs on, sees a new draft, clicks on it to view, and has just
> lost his weblog.