Changes between Initial Version and Version 1 of Ticket #20593

Timestamp:
05/01/12 19:38:05 (13 months ago)
Author:
nacin
Comment:

In the future, please follow the instructions on the new ticket page:

Do not report potential security vulnerabilities here. Read the Security FAQ and email us at security@….

Feel free to email us and we will gladly communicate with you.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #20593

    • Property Status changed from new to closed
    • Property Resolution changed from to invalid
    • Property Milestone changed from Awaiting Review to

  • Ticket #20593 – Description

    initial v1  
    11Wordpress Admin panel has x-frame-option which prevent clickjacking but in main page of blog no x-frame-option has been set, so it possible to trick him and make him to post a comment, using Clickjacking. As you may know admin can post comment with html and it is obvious by default this isn't dangerous, But as blog main page has no x-frame-option it is possible to make XSS of it and finally you can mix ClickJacking /XSS / HTTPOnly Disclosure to make a working exploit. 
    22 
    3 here is video of  PoC : 
    4  
    5 http://www.sendspace.com/file/60wxge 
    6  
    7 here is PoC : 
    8  
    9 http://www.sendspace.com/file/o754pt 
    10  
    113thanks Abysssec Team