[wp-trac] [WordPress Trac] #3515: XSS through author's url in comments
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 2 01:01:05 GMT 2007
#3515: XSS through author's url in comments
----------------------+-----------------------------------------------------
Reporter: xknown | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.2
Component: Security | Version: 2.0.5
Severity: major | Keywords: xss, comments
----------------------+-----------------------------------------------------
Due to bad validation of the author's URL value in comments, someone can
easily inject JavaScript code into the href attribute.
You can try this value in the author's URL field:
{{{
javascript:alert(document.cookie);v//://
}}}
To "exploit" this bug, as you can see, it needs (logged-in) user interaction.
PS. Sorry for my bad English
--
Ticket URL: <http://trac.wordpress.org/ticket/3515>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
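The ticket's root cause is that the author URL is written into an href attribute without restricting its scheme, and HTML-escaping cannot fix that: `javascript:alert(...)` contains nothing an escaper would touch. The following Python is an added example, not WordPress's own code and not part of the ticket; it shows a scheme allowlist applied before the value is escaped into the attribute, exercised against the value from the report plus a few constructed variants. The function names, the choice to prefix bare host names with `http://`, and the sample inputs are assumptions made for the illustration.

```python
import html
import re

# Scheme allowlist for values that end up in an href attribute. Anything
# else (javascript:, data:, vbscript:, ...) is dropped rather than escaped,
# because escaping cannot make a script-bearing scheme safe.
ALLOWED_SCHEMES = {"http", "https"}

# A URL scheme per RFC 3986: a letter followed by letters, digits, "+", "-", ".".
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
# A bare "host:port" value such as "example.com:8080/blog" has no scheme;
# it is told apart from a scheme by the all-digit port after the colon.
_HOST_PORT_RE = re.compile(r"^[a-z0-9.\-]+:\d{1,5}(?:[/?#]|$)")
# C0 control characters and DEL: browsers drop tab/newline while parsing a
# URL, so "java\tscript:" would still execute; remove them before inspecting.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_author_url(raw):
    """Return a URL that is safe to place in href, or "" when the value must be dropped."""
    if raw is None:
        return ""
    value = _CONTROL_RE.sub("", raw).strip()
    if not value:
        return ""
    lowered = value.lower()
    if lowered.startswith("//"):
        # Protocol-relative URLs inherit the page's scheme; reject as ambiguous.
        return ""
    if _HOST_PORT_RE.match(lowered):
        # "host:port/..." without a scheme (assumed convention: prefix http://).
        return "http://" + value
    m = _SCHEME_RE.match(lowered)
    if m is None:
        # No scheme at all: treat as a bare host name (assumed convention).
        return "http://" + value
    scheme = m.group(1)
    if scheme not in ALLOWED_SCHEMES:
        return ""
    # Normalise the scheme to lower case and keep the remainder untouched.
    return scheme + value[len(scheme):]


def render_author_link(name, raw_url):
    """Render the comment author as plain text, or as a link when the URL passed the allowlist."""
    safe_name = html.escape(name, quote=True)
    url = sanitize_author_url(raw_url)
    if not url:
        return safe_name
    # Attribute escaping is still required for &, quotes, < and > in an accepted URL.
    return '<a href="%s" rel="nofollow">%s</a>' % (html.escape(url, quote=True), safe_name)


if __name__ == "__main__":
    # Constructed sample inputs; the first one is the value from the ticket.
    samples = [
        "javascript:alert(document.cookie);v//://",
        " JaVaScRiPt:alert(1)",
        "java\tscript:alert(1)",
        "data:text/html,<b>x</b>",
        "//example.com/",
        "example.com",
        "example.com:8080/blog",
        "HTTPS://Example.com/~user",
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize_author_url(s)))
    print(render_author_link("xknown", samples[0]))
```

The ordering matters: control characters are stripped and the value lower-cased before the scheme is inspected, so case tricks and embedded tabs do not slip past the allowlist, and an unlisted scheme yields an empty string (the author is shown as plain text) rather than an attempt to "clean" the value.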