Hacker releases exploits for Wordpress 2.3 with XSS (Cross Site Scripting) Attack
Title of XSS Vulnerability: [waraxe-2007-SA#059] - XSS in WordPress 2.3
Credit of XSS Discovery: Janek Vind “waraxe”
XSS Discovery Date: 27. October 2007
XSS Discovery Location: Estonia, Tartu
Web address for XSS security alert: http://www.waraxe.us/advisory-59.html
Description of XSS Exploit:
WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability, at expense of security.
To run WordPress your host just needs a couple of things:
PHP version 4.2 or greater
MySQL version 4.0 or greater
Technical XSS Information: Cross-Site Scripting (XSS) in “edit-post-rows.php”
WARAXE Writes: Let’s take have a look inside “/wp-admin/edit-post-rows.php”:
[start of section of source code with XSS exploit for wordpress]
<?php foreach($posts_columns as $column_display_name) { ?>
<th scope=”col”><?php echo $column_display_name; ?></th>
<?php } ?>
[end of vulnerable source code section]
As we can see, array “posts_columns” is uninitialized and if we execute this php script directly, then arbitrary value for that variable can be delivered. This means, that reflective XSS exists here.
And of course register_globals must be on for this “exploit” to be successful.
XSS Proof of concept worm:
http://victim.com/wp-admin/edit-post-rows.php?posts_columns[]=<script>alert(123);</script>
The information above has been provided by the website of WARAXE.US
Hosting Php Sql Web Said,
October 7, 2008 @ 9:53 am
found your site on del.icio.us today and really liked it.. i bookmarked it and will be back to check it out some more later ..
Social Bookmarks Submitter Said,
October 8, 2008 @ 9:23 pm
Submit Links to Social Bookmarking Websites Automatically! Get Thousands of Visitors! Increase Website Traffic and Income with Automatic Social Bookmarks Submitter. Prepare to upgrade your servers today