Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#3988 closed defect (bug) (fixed)

Sanitize pagenow in admin-header.php

Reported by:	xknown	Owned by:	anonymous
Priority:	highest omg bbq	Milestone:	2.1.3
Component:	Security	Version:	2.1.2
Severity:	critical	Keywords:	has-patch
Cc:	charleshooper

Description

In admin-header.php there's a wp_enqueue_script call that uses the value of pagenow variable, it should be sanitized before output.

PS. Thursday I've sent to security@… a PoC that uses this variable to perform an XSS/CSRF attack.

Attachments (1)

admin-header.diff (662 bytes) - added by xknown 6 years ago.: escape pagenow value

Download all attachments as: .zip

Change History (5)

xknown — 6 years ago

Attachment admin-header.diff added

escape pagenow value

comment:1 foolswisdom — 6 years ago

Priority changed from normal to highest omg bbq
Severity changed from normal to critical

comment:2 charleshooper — 6 years ago

Cc charleshooper added
Keywords has-patch added

comment:3 ryan — 6 years ago

Resolution set to fixed
Status changed from new to closed

(In [5059]) escape pagenow. Props xknown. fixes #3988 for trunk

comment:4 ryan — 6 years ago

(In [5060]) escape pagenow. Props xknown. fixes #3988 for 2.1

Note: See TracTickets for help on using tickets.

Download in other formats: