[wp-trac] [WordPress Trac] #46472: Preventing XSS to RCE Scenarios based on Referrer

WordPress Trac noreply at wordpress.org
Wed Mar 13 06:12:50 UTC 2019


#46472: Preventing XSS to RCE Scenarios based on Referrer
-------------------------+------------------------------
 Reporter:  nomanriffat  |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  General      |     Version:  trunk
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:
-------------------------+------------------------------

Comment (by nomanriffat):

 Thought about it again and realized this is still not robust solution. For
 example an attacker can open iframe and crawl into its DOM and submit
 form. There is a solution for it too i.e. set X-Frame-Options to deny on
 even same-origin.


 2nd use case is that an attacker can open child window and walk into its
 DOM and submit form. I don't find any technique to disable Javascript to
 get executed from parent window into child window. If someone can overcome
 this then we can have a robust solution.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46472#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list