[wp-trac] Re: [WordPress Trac] #10294: CSRF through the img tag
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 1 08:14:56 UTC 2009
#10294: CSRF through the img tag
--------------------------+-------------------------------------------------
Reporter: SaltwaterC | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 2.8
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+-------------------------------------------------
Changes (by hakre):
* status: reopened => closed
* resolution: => invalid
Comment:
Replying to [comment:4 SaltwaterC]:
> Please do us all a favor: fire up a WordPress instance, create a new
> article as an unprivileged user who has filtered HTML on, then embed these
> couple of 'images'. In order to work you need to be authenticated on
> wordpress.org and core.trac.wordpress.org:
>
> <img src="http://wordpress.org/extend/plugins/bb-login.php?logout"
> alt="" />
> <img src="http://core.trac.wordpress.org/logout" alt="" />
This is a problem with the used Trac as well as the used bb version. This is
not related to WordPress. You can do this with a static HTML file as well
containing these links.
You can prevent such security risks if you configure your browser to not
load linked files like images. I guess it is not the web you want to use,
but those are the implications of automatically requested URLs in your
browser. This is actually how it works (e.g. the HTML IMG element).
Again: This is not a WordPress issue. Feel free to report this
security-related stuff for the other projects, like Trac.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10294#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
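The pattern the ticket argues about is a logout URL that changes server state in response to a plain GET, which is exactly the request a browser makes on its own for an `<img src="...">`, cookies included. The following is an added example, not code from this ticket, WordPress, Trac or bbPress: it models a vulnerable handler beside a hardened one that only acts on a POST carrying a per-session token, and shows why the automatic image fetch cannot satisfy the hardened version. The names `Session`, `logout_vulnerable`, `logout_hardened`, `csrf_token` and `img_fetch` are hypothetical.

```python
import hashlib
import hmac
import secrets


class Session:
    """Constructed stand-in for a server-side session bound to the browser's
    session cookie. The browser attaches that cookie to every request it
    makes, including the automatic fetch of an <img src="..."> URL."""

    def __init__(self, user):
        self.user = user                             # None once logged out
        self.csrf_secret = secrets.token_bytes(32)   # never leaves the server


def logout_vulnerable(session, method, params):
    """The pattern the ticket describes: any request to the logout URL ends
    the session, so a cross-site <img> fetch (GET, no form fields) suffices."""
    session.user = None
    return 200


def csrf_token(session):
    """Per-session token derived from a secret a third-party page cannot read.
    The site's own logout form embeds it as a hidden field."""
    return hmac.new(session.csrf_secret, b"logout", hashlib.sha256).hexdigest()


def logout_hardened(session, method, params):
    """Log out only on a POST that carries a valid token. An <img> can only
    issue a GET, and a GET only carries cookies, never the token."""
    if method != "POST":
        return 405          # a state change on GET is the root defect
    supplied = params.get("token", "")
    expected = csrf_token(session)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    session.user = None
    return 200


def img_fetch(handler, session):
    """What the browser does for <img src="https://site.invalid/logout">:
    a GET with the session cookie (so `session` is resolved) and no form
    fields. Returns (status, still_logged_in)."""
    status = handler(session, "GET", {})
    return status, session.user is not None


if __name__ == "__main__":
    for handler in (logout_vulnerable, logout_hardened):
        print(handler.__name__, img_fetch(handler, Session("alice")))
    # Legitimate logout: POST from the site's own form, token included.
    s = Session("alice")
    print("form logout", logout_hardened(s, "POST", {"token": csrf_token(s)}), s.user)
```

The point the example isolates is the one hakre makes about automatically requested URLs: the browser can be made to send a request, but it cannot be made to send a value it never received. A handler that ignores the request method and requires no such value is therefore exposed to any page a user visits while logged in, regardless of which project serves it; requiring POST plus a session-bound token closes that regardless of what the embedding page does.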