Ticket #3988 (closed defect (bug): fixed)

Opened 5 years ago

Last modified 5 years ago

Sanitize pagenow in admin-header.php

Reported by: xknown
Owned by: anonymous
Priority: highest omg bbq
Milestone: 2.1.3
Component: Security
Version: 2.1.2
Severity: critical
Keywords: has-patch
Cc: charleshooper

Description

In admin-header.php there's a wp_enqueue_script call that uses the value of the pagenow variable; it should be sanitized before output.

PS. On Thursday I sent security@… a PoC that uses this variable to perform an XSS/CSRF attack.
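
The attached patch is not reproduced on this page. As an added example (not WordPress code and not the reporter's patch), the sketch below shows the class of fix the ticket asks for: a request-derived value placed in a script URL is encoded for the URL and then for the HTML attribute. The function names, the `/js/example.js` path and the sample value are hypothetical.

```php
<?php
// Added illustration, not WordPress code. emit_script_tag() and the
// /js/example.js path are hypothetical stand-ins for a script loader that
// prints a <script> tag whose URL carries the pagenow value.

function emit_script_tag(string $src): string {
    // The loader trusts its caller and writes $src into the attribute as-is.
    return '<script type="text/javascript" src="' . $src . '"></script>';
}

function script_src_unescaped(string $pagenow): string {
    // Before: the value is concatenated straight into the URL.
    return '/js/example.js?pagenow=' . $pagenow;
}

function script_src_escaped(string $pagenow): string {
    // After: percent-encode for the query-string context, then HTML-escape
    // the whole URL for the attribute it is printed into.
    $url = '/js/example.js?pagenow=' . rawurlencode($pagenow);
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

function attribute_names(string $tag): array {
    // Rough attribute listing, good enough for this fixed tag shape.
    preg_match_all('/\s([a-z-]+)="/', $tag, $m);
    return $m[1];
}

// Constructed sample value: the double quote closes src early.
$pagenow = 'index.php" data-injected="1';

foreach (['script_src_unescaped', 'script_src_escaped'] as $build) {
    $tag = emit_script_tag($build($pagenow));
    echo $build, ': ', $tag, "\n";
    echo '  attributes: ', implode(', ', attribute_names($tag)), "\n";
}
```

With the unescaped builder the tag gains a third attribute taken from the value; with the escaped builder only `type` and `src` remain.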

Attachments

admin-header.diff (662 bytes) - added by xknown 5 years ago.
escape pagenow value

Change History

xknown 5 years ago

escape pagenow value

  • Priority changed from normal to highest omg bbq
  • Severity changed from normal to critical
  • Cc charleshooper added
  • Keywords has-patch added

comment:3 ryan 5 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [5059]) escape pagenow. Props xknown. fixes #3988 for trunk

comment:4 ryan 5 years ago

(In [5060]) escape pagenow. Props xknown. fixes #3988 for 2.1
