Advisory - Redirection Vulnerability in wp-login.php.

Board: Bugtraq  Author: (not recorded)  Time: 19 years ago (2007/03/21 00:20)  Edit  Votes: 0 (0 0 0)
Comments: 0, Participants: 0, Latest thread: 1/1
Vendor
------
Wordpress (http://www.wordpress.org).

Severity
--------
Moderate.

Dated
-----
03 March 2007.

Versions Affected
-----------------
All.

Issue
-----
The wp-login.php page redirects a user to an arbitrary page after a successful login by setting the redirect_to URL parameter. For example, if a user logs in successfully with his credentials on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

he will be redirected to www.google.co.in.

Impact
------
This can lead to credential stealing. Cookie stealing is also possible when coupled with some browser bugs.

Vendor Status
-------------
Reported on 03 March 2007. A fix will be made available in the next version.

-- MSG // http://www.metaeye.org
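The advisory describes an open redirect: the redirect_to parameter is used as the post-login destination without checking where it points. The usual mitigation is to accept only relative paths on the site itself, or absolute URLs whose host is on an allow-list, and otherwise fall back to a fixed default. The following is an added example written for this page, not code from the advisory or from Wordpress; the allow-list host www.foo.com and the default target /wp-admin/ are constructed values, and the edge cases it handles (protocol-relative //host, backslash variants, userinfo tricks, non-http schemes, control characters) go beyond the single case the advisory shows.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed values for this example (not from the advisory):
# hosts the login page may redirect to, and where to send users otherwise.
ALLOWED_HOSTS = {"www.foo.com"}
DEFAULT_TARGET = "/wp-admin/"


def vulnerable_redirect_target(redirect_to):
    """The behaviour the advisory describes: the parameter is trusted as-is,
    so http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in
    sends the freshly authenticated user off-site."""
    return redirect_to


def safe_redirect_target(redirect_to, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return redirect_to only if it stays on an allow-listed host (or is a
    same-site absolute path); otherwise return the fixed default."""
    if not redirect_to:
        return default

    # Browsers treat "\" like "/" in URLs, so "/\evil" becomes "//evil"; normalise
    # before parsing so the protocol-relative check below sees it.
    candidate = redirect_to.replace("\\", "/")

    # Control characters (CR, LF, ...) could split the Location header.
    if any(ord(c) < 0x20 or c == "\x7f" for c in candidate):
        return default

    parts = urlsplit(candidate)

    # Only http/https may be used as a redirect target (no javascript:, data:, ...).
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default

    if parts.netloc:
        # Absolute or protocol-relative URL: the real host (userinfo and port
        # stripped by .hostname) must be on the allow-list. This also rejects
        # "http://www.foo.com@evil.example/" because hostname is evil.example.
        host = parts.hostname
        if host is None or host.lower() not in allowed_hosts:
            return default
        return urlunsplit(parts)

    # No host: accept only a genuine site-relative path starting with "/".
    if not parts.path.startswith("/"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs illustrating both functions.
    for value in ("http://www.google.co.in", "//evil.example/",
                  "/\\evil.example/", "http://www.foo.com@evil.example/",
                  "javascript:alert(1)", "/wp-admin/edit.php",
                  "https://www.foo.com/wp-admin/post.php?post=1"):
        print(f"{value!r:48} vulnerable -> {vulnerable_redirect_target(value)!r}")
        print(f"{'':48} safe       -> {safe_redirect_target(value)!r}")
```

The two functions take the same parameter so the difference is visible side by side: the advisory's example URL leaves the site in the first and falls back to the default in the second. Comparing parts.hostname rather than the raw netloc is what defeats the userinfo and port variants, and the backslash normalisation is needed because urlsplit alone would treat "/\evil.example/" as a harmless relative path.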
Article code (AID): #1600d700 (Bugtraq)