Bugtraq mailing list archives
Advisory - Redirection Vulnerability in wp-login.php.
From: Metaeye SG <contact () metaeye org>
Date: Tue, 20 Mar 2007 20:31:03 +0530
Vendor
------
Wordpress (http://www.wordpress.org).

Severity
--------
Moderate.

Dated
-----
03 March 2007.

Versions Affected
-----------------
All.

Issue
-----
The wp-login.php page redirects a user to an arbitrary page after a successful login, the target being taken from the redirect_to URL parameter. For example, if a user logs in successfully with his credentials on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

he will be redirected to www.google.co.in.

Impact
------
This can lead to credential stealing. Cookie stealing is also possible when coupled with some browser bugs.

Vendor Status
-------------
Reported on 03 March 2007. Fix will be made available in next version.

--
MSG // http://www.metaeye.org
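The mitigation for the redirect_to issue described above is to validate the parameter before redirecting, accepting only a relative path on the site or an absolute URL whose host is exactly the site's own host. The following is an added illustration written in Python, not WordPress's own fix and not code from the advisory; it assumes the site host www.foo.com from the example above and a constructed fallback landing page, and it also covers lookalike hosts, protocol-relative URLs, userinfo tricks and backslash normalisation that a naive host check would miss.

```python
"""Validate a login-page redirect_to value so that it never leaves the site.

Added illustration (not WordPress code). SITE_HOST is taken from the
advisory's example; DEFAULT_LANDING is a constructed fallback.
"""
from urllib.parse import urlsplit, urlunsplit

SITE_HOST = "www.foo.com"       # host the login page belongs to (from the advisory example)
DEFAULT_LANDING = "/wp-admin/"  # constructed: used whenever redirect_to is rejected


def safe_redirect(redirect_to: str, site_host: str = SITE_HOST) -> str:
    """Return a redirect target guaranteed to stay on site_host.

    Accepts only (a) a relative path starting with a single '/' or
    (b) an absolute http(s) URL whose hostname equals site_host.
    Everything else (other hosts, other schemes, '//host' forms,
    'user@host' tricks, lookalike domains) falls back to DEFAULT_LANDING.
    """
    if not redirect_to:
        return DEFAULT_LANDING
    # Browsers treat a backslash as a slash, so "/\evil" would be sent to
    # evil by the browser; normalise before parsing so it is seen as "//evil".
    candidate = redirect_to.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference with no host component. Still require a single
        # leading "/" so that bare words and "///host" forms are rejected.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return DEFAULT_LANDING
    # parts.hostname is lower-cased and has any "user:pass@" prefix removed,
    # so "http://www.foo.com@evil.example/" compares as evil.example.
    if parts.scheme.lower() in ("http", "https") and parts.hostname == site_host.lower():
        # Re-serialise from parsed components so the emitted URL carries the
        # host that was checked and nothing else from the original netloc.
        return urlunsplit((parts.scheme.lower(), site_host, parts.path or "/",
                           parts.query, parts.fragment))
    return DEFAULT_LANDING
```

A simpler policy, accepting only relative paths and never absolute URLs, is adequate for most login pages and removes the host comparison entirely.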