[wp-trac] [WordPress Trac] #2454: Comment URL not cleaned before set in cookie

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 15 23:30:20 GMT 2006


#2454: Comment URL not cleaned before set in cookie
----------------------------+-----------------------------------------------
       Id:  2454            |      Status:  new                     
Component:  Administration  |    Modified:  Wed Feb 15 23:30:20 2006
 Severity:  trivial         |   Milestone:  2.1                     
 Priority:  low             |     Version:  2.0.1                   
    Owner:  anonymous       |    Reporter:  skeltoac                
----------------------------+-----------------------------------------------
 The following article claims that this is a security hole. Dougal and I
 disagree: you can't steal cred cookies with this vector because the URL
 cookie is only set in the browser of the person submitting the comment,
 and the affected control only appears when the visitor is not logged in.
 Anyway, attached is a patch to clean the URL before setting the cookie.

 http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2454>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
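The fix the ticket describes is to clean the URL before it is stored in the cookie. The following is an added Python illustration of that idea, not the attached patch and not WordPress's own clean_url(); the function names clean_comment_url and build_cookie_header, the http/https-only policy and the sample inputs are assumptions made here.

```python
import re
from urllib.parse import quote, urlsplit, urlunsplit

# Assumption: an author-website field should only ever hold http or https URLs.
ALLOWED_SCHEMES = {"http", "https"}
# ASCII control characters; CR and LF in particular must never reach a Set-Cookie header.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# A leading URL scheme, e.g. "http:", "javascript:", "data:".
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


def clean_comment_url(raw):
    """Return a sanitized http(s) URL, or '' when the value is not safe to store."""
    if not raw:
        return ""
    candidate = _CONTROL_CHARS.sub("", raw).strip()
    if not candidate:
        return ""
    if _SCHEME_RE.match(candidate) is None:
        # Bare hosts such as "example.com/blog" are common in comment forms; assume http.
        candidate = "http://" + candidate
    parts = urlsplit(candidate)  # urlsplit lower-cases the scheme for us
    # Any explicit scheme other than http/https (javascript:, data:, ...) is dropped,
    # as is a host-with-port written without a scheme, which parses as a scheme here.
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return ""
    # Rebuild from the parsed components so the stored value is exactly what was validated.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, parts.fragment))


def build_cookie_header(name, value, max_age=31536000):
    """Build a Set-Cookie header value with the URL percent-encoded, so no character
    in it can terminate the cookie value or inject a second header line."""
    return f"{name}={quote(value, safe='')}; Max-Age={max_age}; Path=/"


if __name__ == "__main__":
    # Constructed sample inputs, not data from the ticket or the linked article.
    samples = ["example.com/blog", "HTTPS://Example.com/", "javascript:void(0)", "http://example.com/\r\n"]
    for sample in samples:
        cleaned = clean_comment_url(sample)
        print(repr(sample), "->", repr(cleaned))
        if cleaned:
            print("  Set-Cookie:", build_cookie_header("comment_author_url", cleaned))
```

Two layers are doing separate jobs here: clean_comment_url decides whether the value is an acceptable URL at all, and build_cookie_header makes sure whatever is accepted cannot alter the structure of the header it is written into. Keeping them apart means the same cleaned value can also be reused safely when the comment form is pre-filled from the cookie later.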