[wp-trac] [WordPress Trac] #46472: Preventing XSS to RCE Scenarios based on Referrer
WordPress Trac
noreply at wordpress.org
Wed Mar 13 06:12:50 UTC 2019
#46472: Preventing XSS to RCE Scenarios based on Referrer
-------------------------+------------------------------
Reporter: nomanriffat | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+------------------------------
Comment (by nomanriffat):
Thought about it again and realized this is still not robust solution. For
example an attacker can open iframe and crawl into its DOM and submit
form. There is a solution for it too i.e. set X-Frame-Options to deny on
even same-origin.
2nd use case is that an attacker can open child window and walk into its
DOM and submit form. I don't find any technique to disable Javascript to
get executed from parent window into child window. If someone can overcome
this then we can have a robust solution.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46472#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list