[wp-trac] Re: [WordPress Trac] #4344: new vulnerability in WordPress
WordPress Trac
wp-trac at lists.automattic.com
Sun May 27 04:47:31 GMT 2007
#4344: new vulnerability in WordPress
-----------------------+----------------------------------------------------
Reporter: PsychoGun | Owner: anonymous
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: |
-----------------------+----------------------------------------------------
Changes (by g30rg3x):
* priority: highest omg bbq => normal
* status: new => closed
* resolution: => invalid
Comment:
You need the "_wp_unfiltered_html_comment" token to get the admin's
posted data through with no filtering, and obviously to get your XSS to work...
So if you test your PoC, you will see there is no security breach...
--
Ticket URL: <http://trac.wordpress.org/ticket/4344#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software