Opened 6 years ago
Closed 6 years ago
#4012 closed defect (bug) (fixed)
XSS on page-new.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | highest omg bbq | Milestone: | 2.0.10 |
| Component: | Security | Version: | 2.1.2 |
| Severity: | normal | Keywords: | 2nd-opinion dev-feedback |
| Cc: | charleshooper | | |
Description
Someone posted on sla.cker.org forums a new XSS vulnerability that affects all versions, including the trunk.
The given PoC is:
http://wp/wp-admin/page-new.php?saved="><script>alert(123)</script>
PS. The patch is only for the trunk.
Attachments (1)
Change History (8)
- Resolution set to fixed
- Status changed from new to closed
comment:4
charleshooper — 6 years ago
- Cc charleshooper added
- Keywords 2nd-opinion dev-feedback added
- Resolution fixed deleted
- Status changed from closed to reopened
Not to step on any toes, as I understand this is a high-priority item; however, is casting to int adequate? I'm referring to the fact that wp_posts.ID is a BIGINT-sized column and the maximum size integer on 32-bit systems is 2,147,483,647. Not that I think many people out there have over 2 billion posts, but I feel that if we impose a limit (by casting a variable to int) then we should update the schema accordingly. Think of it as a SQL optimization if you must.
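The following is an added stand-alone PHP illustration, not WordPress's own code or the attached patch, of the reflected-XSS pattern in the ticket's description and of the "cast to int" fix, plus a validating variant that addresses the integer-range question in comment:4. The markup that page-new.php actually built from the `saved` parameter is not on the ticket; the link below is an assumption, and the function names are invented for this example.

```php
<?php
// Added example (not WordPress code). The "saved" query value is assumed to be
// a post id that is reflected into an HTML attribute; the real markup of
// page-new.php is not shown on the ticket.

// Before the fix: the query value is written straight into an attribute, so a
// value such as the ticket's PoC breaks out of the quotes and injects markup.
function render_saved_notice_unsafe(string $saved): string
{
    return '<a href="post.php?action=edit&post=' . $saved . '">View page</a>';
}

// After the fix (what "cast to int page id" does): (int) turns any
// non-numeric payload into 0 (or its leading digits), so only digits can
// reach the markup.
function render_saved_notice_fixed(string $saved): string
{
    $id = (int) $saved;
    return '<a href="post.php?action=edit&post=' . $id . '">View page</a>';
}

// Stricter variant: validate rather than cast. FILTER_VALIDATE_INT returns
// false for junk and for values outside the platform's integer range (the
// 32-bit BIGINT concern from comment:4) instead of silently truncating them,
// and the attribute is escaped as defense in depth.
function render_saved_notice_validated(string $saved): ?string
{
    $id = filter_var($saved, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller shows no notice (and may log the rejected value)
    }
    $href = 'post.php?action=edit&post=' . $id;
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">View page</a>';
}

// Constructed inputs: the PoC value from the ticket, a normal id, and an
// id too large for any PHP integer.
$inputs = [
    '"><script>alert(123)</script>',
    '42',
    '99999999999999999999',
];

foreach ($inputs as $value) {
    printf("input:     %s\n", $value);
    printf("unsafe:    %s\n", render_saved_notice_unsafe($value));
    printf("cast:      %s\n", render_saved_notice_fixed($value));
    printf("validated: %s\n\n", render_saved_notice_validated($value) ?? '(rejected)');
}
```

Run with `php example.php`: the unsafe line echoes the `<script>` element for the PoC input, the cast line reduces it to `post=0`, and the validating variant rejects both the PoC and the out-of-range id while accepting `42`.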
comment:5
charleshooper — 6 years ago
- Resolution set to fixed
- Status changed from reopened to closed
I just took a look at the schema and also noticed that other tables create their relative post_ID fields as INT(11); I'll close this again and open another ticket, as they are separate issues.
- Milestone changed from 2.1.3 to 2.0.10
- Resolution fixed deleted
- Status changed from closed to reopened
Reopening for 2.0 inclusion.

Cast to int page id