Re: Wordpress <= v2.1.0

看板Bugtraq作者時間19年前 (2007/03/07 00:30), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/3 (看更多)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 take a look at http://codex.wordpress.org/Roles_and_Capabilities By design the administrator can post anything ... even js/html ciri@virtuax.be wrote: > If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques. > > More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt - -- Regards Vladimir Vitkov Operations Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7SZYoiOVExCFVC0RAgMfAKC62x+mbjzHlhTEQn3QZg9IIyJokgCgmf9w G2DDt/YPlrn22KDNzWGbJx4= =UJPB -----END PGP SIGNATURE-----
更多 vvitkov. 的文章
文章代碼(AID): #15xPSS00 (Bugtraq)
更多 vvitkov. 的文章
文章代碼(AID): #15xPSS00 (Bugtraq)