Make WordPress Core

Changes between Version 2 and Version 3 of Ticket #3879


Timestamp: 02/27/2007 11:14:12 PM (18 years ago)
Author: markjaquith
Comment:

Just clearing up some confusion... some people think that this has something to do with deleting posts because of the specific example that was released. The exploit is more general than that, and it is purely an XSS hole.

  • Ticket #3879

    • Property Summary changed from XSS in 2.1.1 input passed to the "post" parameter in wp-admin/post.php to XSS in 2.1.1 in AYS for HTTP GET requests
  • Ticket #3879 – Description

    v2  v3
    4   4
    5   5   Successful exploitation requires that the target user is logged in as administrator.
        6
        7   ----
        8
        9   The exploit is actually more general than that: for any action that triggers nonce verification, the URL for the "Yes" action is not properly sanitized, and a specially crafted URL can escape from the link's {{{href}}} attribute and inject arbitrary HTML. The "delete" action and the "post" parameter just happen to be the ones used in the example.
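
The flaw class described in the ticket, shown as an added example that is not WordPress's own code: a confirmation ("Yes") link built from a request-derived URL, first by plain concatenation and then with a local-path check plus HTML attribute escaping. The function names, the fallback path and the sample URL are assumptions constructed for illustration.

```php
<?php
// Added illustration, not WordPress source. All function names are hypothetical.

// Unsafe pattern: the request-derived URL is concatenated into href as-is,
// so a double quote in the URL ends the attribute value early.
function ays_link_unsafe(string $yes_url): string {
    return '<a href="' . $yes_url . '">Yes</a>';
}

// Hardened pattern: accept only a same-site absolute path, then escape for
// the HTML attribute context so quotes and angle brackets stay inside href.
function ays_link_safe(string $yes_url): string {
    // Reject schemes and protocol-relative forms ("//host", "/\host").
    if (!preg_match('#^/(?![/\\\\])#', $yes_url)) {
        $yes_url = '/wp-admin/'; // assumed fallback destination
    }
    $attr = htmlspecialchars($yes_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $attr . '">Yes</a>';
}

// True when the harmless <b> marker survived as live markup in the output.
function marker_escaped_attribute(string $html): bool {
    return strpos($html, '<b>') !== false;
}

// Constructed input: a quote closes href and a harmless <b> marker follows.
$crafted = '/wp-admin/post.php?action=delete&post=1"><b>marker</b><a href="';

foreach (['unsafe' => 'ays_link_unsafe', 'safe' => 'ays_link_safe'] as $name => $fn) {
    $html = $fn($crafted);
    printf(
        "%-6s marker rendered as markup: %s\n       %s\n",
        $name,
        marker_escaped_attribute($html) ? 'yes' : 'no',
        $html
    );
}
```

The escaping step is what keeps the value inside the attribute; the path check only limits where the link can point.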