[wp-trac] Re: [WordPress Trac] #4344: Posting comments from external websites
WordPress Trac
wp-trac at lists.automattic.com
Sun May 27 11:23:16 GMT 2007
#4344: Posting comments from external websites
-----------------------+----------------------------------------------------
Reporter: PsychoGun | Owner: anonymous
Type: defect | Status: reopened
Priority: high | Milestone:
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
-----------------------+----------------------------------------------------
Changes (by Linusmartensson):
* priority: normal => high
* status: closed => reopened
* resolution: invalid =>
* summary: new vulnerability in WordPress => Posting comments from external websites
Comment:
Replying to [comment:3 g30rg3x]:
> you need the "_wp_unfiltered_html_comment" token to get the admin posting data with no filtering and, obviously, to get your XSS to work...
> So if you test your PoC you will see there is no security breach...
The problem with this vulnerability isn't XSS in itself; it's the
possibility to send comments from a malicious website. However (correct
me if I'm mistaken), this should be solvable by identifying the referrer
and denying the comment if it comes from another website, right?
--
Ticket URL: <http://trac.wordpress.org/ticket/4344#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
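The referrer check Linusmartensson proposes, written out as an added PHP example (this is not WordPress's own code; the site URL and the sample Referer values are constructed):

```php
<?php
// Added example, not WordPress code: accept a comment only when the Referer
// header names the same host as the blog itself. A missing or foreign
// Referer rejects the request (fail closed).
function comment_referrer_is_local(?string $referrer, string $site_url): bool
{
    if ($referrer === null || $referrer === '') {
        // Browsers and proxies may strip Referer entirely, so failing closed
        // here also rejects some legitimate commenters.
        return false;
    }
    $ref_host  = parse_url($referrer, PHP_URL_HOST);
    $site_host = parse_url($site_url, PHP_URL_HOST);
    if (!is_string($ref_host) || !is_string($site_host)) {
        return false; // unparsable URL: treat as foreign
    }
    return strtolower($ref_host) === strtolower($site_host);
}

// Constructed sample requests: one submitted from the blog's own comment
// form, one from a page on another site, one with no Referer at all.
$site  = 'http://blog.example/';
$cases = [
    'http://blog.example/2007/05/hello-world/#comments' => true,
    'http://other-site.example/page.html'               => false,
    ''                                                  => false,
];
foreach ($cases as $referrer => $expected) {
    $ok = comment_referrer_is_local($referrer, $site);
    printf("%-52s -> %s\n", $referrer === '' ? '(no Referer)' : $referrer, $ok ? 'accept' : 'reject');
    assert($ok === $expected);
}
```

Because Referer is optional and often stripped, this check trades some legitimate comments for the protection; the `_wp_unfiltered_html_comment` token mentioned in the quoted comment shows the other approach, a per-form secret that a page on another site cannot read and so cannot submit.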