#22861 closed defect (bug) (invalid)
Wordpress 3.5 - Cross Site Scripting Vulnerability
Reported by: | shubhammittal01 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
Hi, my name is Shubham Mittal. I have a bug in the new WordPress (latest version, 3.5). This bug is Cross Site Scripting.
[XSS] New Wp-Post
Exploit Title: CMS Wordpress - XSS Vulnerability
Author : Shubham Mittal
E-mail : upgoingstaar@…
Webpage: http://3ncrypt0r.blogspot.com
Version CMS : Version 3.5 (Last Version)
Category : WebApps / Content Management System (CMS)
Security Risk: Medium Level
Link Download: http://www.wordpress.org/
Tested On : Mozilla Firefox + WAMP + Windows 7 64 Bit
[Information Content]
WordPress - Web Publishing Software. http://www.wordpress.org/
[Vulnerability Details]
XSS CODE:
<script>alert("XSSedByShubham")</script>
<script>alert(document.cookie);</script>
<script>window.open("http://www.google.com/")</script>
Exploit Report:
- Create / Edit Wp-Post
Input "Title Post" with script XSS Code.
<script>alert("XSSedByShubham")</script>
- http://example.com/wp-admin/post-new.php <---Publish It
- View XSS, Alert Box will pop up. http://example.com/?p=xxx <--XSSed
http://4.bp.blogspot.com/-zNKPa-mQPEc/UMejBt8a3HI/AAAAAAAABQQ/HsG9RQnRwlg/s1600/post+xss.jpg
Thanks
Shubham Mittal
@upgoingstar
Change History (4)
#1
@
12 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version 3.5 deleted
#3
@
12 years ago
- Component changed from General to Security
See: http://codex.wordpress.org/FAQ_Security#Why_are_some_users_allowed_to_post_unfiltered_HTML.3F.
Also, when creating this ticket, this appeared at the top of the form:
Do not report potential security vulnerabilities here. Read the Security FAQ and email us at security@wordpress .org.
Administrators and Editors have the unfiltered_html capability and are allowed to do this.
Also, please do not report "security issues" publicly. http://codex.wordpress.org/Security_FAQ#Where_do_I_report_security_issues.3F
Duplicate: #19014
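
As an added illustration of the point made in the comments above (not code from this ticket or from WordPress core): a small must-use plugin that lists which roles hold the `unfiltered_html` capability and whether the `DISALLOW_UNFILTERED_HTML` constant in wp-config.php has switched it off. The file name and the `example_` function names are hypothetical, and `wp_roles()` assumes WordPress 4.3 or later.

```php
<?php
/**
 * Added example (not WordPress core code): audit who may post unfiltered HTML.
 * Hypothetical location: wp-content/mu-plugins/audit-unfiltered-html.php
 */

// Return the slugs of roles whose stored capabilities include unfiltered_html.
function example_roles_with_unfiltered_html() {
    $found = array();
    foreach ( wp_roles()->role_objects as $slug => $role ) {
        if ( $role->has_cap( 'unfiltered_html' ) ) {
            $found[] = $slug;
        }
    }
    return $found;
}

// True when wp-config.php contains: define( 'DISALLOW_UNFILTERED_HTML', true );
function example_unfiltered_html_disabled() {
    return defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML;
}

add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // Show the audit to site administrators only.
    }
    if ( example_unfiltered_html_disabled() ) {
        $msg = 'DISALLOW_UNFILTERED_HTML is set: content from every role is filtered through KSES.';
    } else {
        $roles = example_roles_with_unfiltered_html();
        $msg   = 'Roles that can save unfiltered HTML (scripts included): '
               . ( $roles ? implode( ', ', $roles ) : 'none' ) . '.';
    }
    // current_user_can() gives the effective result for the logged-in user,
    // including the multisite rule that limits the capability to super admins.
    $msg .= current_user_can( 'unfiltered_html' )
        ? ' Your account: unfiltered.'
        : ' Your account: filtered.';
    // Escape on output so the notice itself cannot carry markup.
    echo '<div class="notice notice-info"><p>' . esc_html( $msg ) . '</p></div>';
} );
```

On a default single-site install the notice lists administrator and editor, which matches the behaviour described in this ticket; sites that do not want any role to save scripts set the constant in wp-config.php.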