[wp-trac] [WordPress Trac] #4811: CSRF & XSS on some importers
WordPress Trac
wp-trac at lists.automattic.com
Sat Aug 25 02:56:41 GMT 2007
#4811: CSRF & XSS on some importers
----------------------+-----------------------------------------------------
Reporter: xknown | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Security | Version: 2.3
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
On trunk, Ultimate Tag Warrior and Category to Tag Converter are
vulnerable to CSRF and XSS.
Proofs of concept
1. CSRF: Convert all categories to tags without user confirmation.
http://localhost/wp/wp-admin/admin.php?import=wp-cat2tag&step=4
2. XSS: Someone has committed code to debug the wp-cat2tag converter:
{{{
echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
}}}
It allows XSS attacks:
{{{
http://localhost/wp/wp-admin/admin.php?import=wp-cat2tag&--><script>alert(/XSS/)</script>
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/4811>
WordPress Trac <http://trac.wordpress.org/>
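How the two defects in the ticket would be closed, as an added example that is neither the ticket's code nor WordPress's own fix; the nonce action name `import-cat2tag` and the function names are assumptions.

```php
<?php
// Added example, not WordPress code. Sketches the hardened form of the two
// wp-cat2tag importer defects reported above.

// --- 1. CSRF: the destructive step is triggered by a bare GET parameter. ---
// Vulnerable shape (nothing proves the request came from the admin UI):
//   if ( $_GET['step'] == 4 ) { convert_all_categories_to_tags(); }
//
// Hardened shape: the link that starts the conversion carries a nonce bound
// to the logged-in user, and the handler refuses requests that lack it.
// 'import-cat2tag' is an assumed action name.
function cat2tag_conversion_link() {
    $url = 'admin.php?import=wp-cat2tag&step=4';
    return wp_nonce_url( $url, 'import-cat2tag' );   // appends _wpnonce=...
}

function cat2tag_handle_step_four() {
    // check_admin_referer() stops with an error page unless the request
    // carries a valid _wpnonce for this action, so a link forged on another
    // site never reaches the conversion below.
    check_admin_referer( 'import-cat2tag' );
    // ... perform the category-to-tag conversion only past this point ...
}

// --- 2. XSS: request data echoed raw into an HTML comment. ---
// Vulnerable line from the ticket: any parameter containing "-->" closes the
// comment and the rest of the value is rendered as markup:
//   echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
//
// Fix: remove the debug output from the shipped importer. If request data
// must be shown while debugging, capture it and escape it first; the ">" in
// "-->" becomes "&gt;", so the comment can no longer be terminated early.
function cat2tag_debug_dump( array $params ) {
    $dump = print_r( $params, true );                 // capture, do not echo
    return '<!-- ' . htmlspecialchars( $dump, ENT_QUOTES, 'UTF-8' ) . ' -->';
}
```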