Full Disclosure mailing list archives
Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com
From: Andrew Farmer <andfarm () gmail com>
Date: Tue, 13 Nov 2007 18:47:32 -0800
On 13 Nov 07, at 18:08, XSS Worm XSS Security Information Portal wrote:
We have looked at coding for wp-slimstat but we cannot see any problem with input validating. Maybe some of the xssworm.com readers can show us where problem is in the php code because we cannot see any porblem here:
OK, I'll bite... <snip>
href="?page='.$_GET['page'].'&panel='.$_GET["panel"].'">'.__('Reset filters', 'wp-slimstat').'</a>':").' <input type="hidden" name="page" value="'.$_GET['page'].'" /> <input type="hidden" name="panel" value="'.$_GET["panel"].'" /> <input type="hidden" name="fd" value="'.$_GET["fd"].'" /></form>';
Those all look like you could escape from the tag attribute with a well-placed double quote, assuming that there's no preprocessing on $_GET. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com XSS Worm XSS Security Information Portal (Nov 13)
- Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com Andrew Farmer (Nov 13)
- Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com dave-san (Nov 13)
- Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com XSS Worm XSS Security Information Portal (Nov 13)