Changes between Initial Version and Version 1 of Ticket #20593

Timestamp: 05/01/2012 07:38:05 PM (6 years ago)
Author: nacin
Comment:

In the future, please follow the instructions on the new ticket page:

Do not report potential security vulnerabilities here. Read the Security FAQ and email us at security@….

Feel free to email us and we will gladly communicate with you.

  • Ticket #20593

    • Property Status changed from new to closed
    • Property Resolution changed from (none) to invalid
    • Property Milestone changed from Awaiting Review to (none)
  • Ticket #20593 – Description

    Description diff, initial → v1 (line numbers stripped; lines marked [removed in v1] appear only in the initial version):

    WordPress admin panel has X-Frame-Options, which prevents clickjacking, but on the main page of the blog no X-Frame-Options has been set, so it is possible to trick him and make him post a comment using clickjacking. As you may know, the admin can post comments with HTML, and it is obvious that by default this isn't dangerous, but as the blog main page has no X-Frame-Options it is possible to make XSS out of it, and finally you can mix clickjacking / XSS / HttpOnly disclosure to make a working exploit.

    [removed in v1] Here is a video of the PoC:

    [removed in v1] http://www.sendspace.com/file/60wxge

    [removed in v1] Here is the PoC:

    [removed in v1] http://www.sendspace.com/file/o754pt

    Thanks, Abysssec Team
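A defender-side check for the gap the report describes, added here as an example (it is not code from the ticket, from WordPress or from the reporter): it inspects a response's headers and reports whether framing is restricted by X-Frame-Options or by a Content-Security-Policy frame-ancestors directive, so an audit over a site's pages shows which ones can still be framed. The sample responses for /wp-admin/, / and /?p=1 are constructed to mirror the report, not captured from a real site.

```python
# Added example (not from the ticket or WordPress): audit HTTP response headers
# for framing protection, the gap the ticket describes (admin pages send
# X-Frame-Options, the blog front page does not).
from typing import Dict, Optional


def framing_policy(headers: Dict[str, str]) -> Optional[str]:
    """Return the effective framing restriction found in a response's headers,
    or None when any origin may frame the page (the clickjacking precondition).

    Header names are matched case-insensitively, as HTTP requires. Only the
    values browsers still honour count: X-Frame-Options DENY/SAMEORIGIN and a
    CSP frame-ancestors directive (ALLOW-FROM is ignored by modern browsers).
    """
    lower = {k.lower(): v.strip() for k, v in headers.items()}

    xfo = lower.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return f"X-Frame-Options: {xfo}"

    # CSP is a ';'-separated list of "<directive> <values...>" entries.
    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors" and value.strip():
            return f"frame-ancestors {value.strip()}"

    return None


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, Optional[str]]:
    """Map each path to its framing policy (None means unprotected)."""
    return {path: framing_policy(hdrs) for path, hdrs in responses.items()}


def unprotected(responses: Dict[str, Dict[str, str]]) -> list:
    """Sorted list of paths that send no framing restriction at all."""
    return sorted(p for p, policy in audit(responses).items() if policy is None)


# Constructed sample responses (not captured traffic): the admin page sends
# X-Frame-Options, a single post page uses CSP, and the front page sends nothing.
SAMPLE = {
    "/wp-admin/": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "/": {"Content-Type": "text/html; charset=UTF-8"},
    "/?p=1": {
        "Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
}

if __name__ == "__main__":
    for path, policy in audit(SAMPLE).items():
        print(f"{path:12} {policy or 'NO FRAMING PROTECTION'}")
    print("unprotected:", unprotected(SAMPLE))
```

Run against real responses, the input would be the header map from each fetched page; the check treats SAMEORIGIN as protection because it stops third-party framing, which is the scenario in the report. On the WordPress side the same header WordPress already sends for the admin can be emitted for front-end responses by hooking its own send_frame_options_header() onto the send_headers action.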