Opened 18 years ago
Closed 18 years ago
#4012 closed defect (bug) (fixed)
XSS on page-new.php
Reported by: | xknown | Owned by: | |
---|---|---|---|
Milestone: | 2.0.10 | Priority: | highest omg bbq |
Severity: | normal | Version: | 2.1.2 |
Component: | Security | Keywords: | 2nd-opinion dev-feedback |
Focuses: | | Cc: | |
Description
Someone posted on the sla.cker.org forums a new XSS vulnerability that affects all versions, including the trunk.
Attachments (1)
Change History (8)
#1 (18 years ago)
The given PoC is:
http://wp/wp-admin/page-new.php?saved="><script>alert(123)</script>
PS. The patch is only for the trunk
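The bug class behind the PoC above, as an added example written for this page (it is not the WordPress code from the ticket or its patch). The ticket does not show how page-new.php used `$_GET['saved']`, so the shape of the output, a "View page" link built from the saved post ID, is an assumption; the fix mirrors what the attached patch describes, casting the ID to int:

```php
<?php
// Added example, not the original page-new.php code. The way the "saved"
// parameter is echoed below (a "View page" link carrying the ID) is an
// assumption about the markup; the vulnerability class is what matters.

// Vulnerable: the raw query-string value lands inside an href attribute.
function render_saved_notice_vulnerable($saved) {
    return '<div id="message" class="updated"><p>Page saved. '
         . '<a href="page.php?post=' . $saved . '">View page &raquo;</a></p></div>';
}

// Fixed the way the ticket's patch describes: a post ID is an integer, so
// cast it. A non-numeric string collapses to 0, "42abc" to 42, so no
// attacker-controlled bytes survive into the markup.
function render_saved_notice_fixed($saved) {
    $saved = (int) $saved;
    return '<div id="message" class="updated"><p>Page saved. '
         . '<a href="page.php?post=' . $saved . '">View page &raquo;</a></p></div>';
}

// The PoC from comment #1: page-new.php?saved="><script>alert(123)</script>
$poc = '"><script>alert(123)</script>';

echo render_saved_notice_vulnerable($poc), "\n";
// <a href="page.php?post="><script>alert(123)</script>">View page &raquo;</a>
// The quote closes the attribute and the script runs in the admin's session.

echo render_saved_notice_fixed($poc), "\n";
// <a href="page.php?post=0">View page &raquo;</a>

// A well-formed ID still round-trips.
echo render_saved_notice_fixed('42'), "\n";
// <a href="page.php?post=42">View page &raquo;</a>

// Comment #4's caveat: the cast is bounded by PHP_INT_MAX, which is
// 2147483647 on 32-bit builds, while wp_posts.ID is a BIGINT. An ID above
// that range cannot be recovered from (int), so the cast imposes a limit the
// schema does not. That is a correctness limit, not a security hole.
var_dump(PHP_INT_MAX);
```

The cast works here only because the value is supposed to be numeric. For parameters that legitimately carry text, the general fix is to escape on output (for example `htmlspecialchars` with `ENT_QUOTES` for attribute values) rather than to coerce the type.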
#4 (18 years ago)
- Cc charleshooper added
- Keywords 2nd-opinion dev-feedback added
- Resolution fixed deleted
- Status changed from closed to reopened
Not to step on any toes, as I understand this is a high-priority item, but is casting to int adequate? I'm referring to the fact that wp_posts.ID is a BIGINT-sized column and the maximum size integer on 32-bit systems is 2,147,483,647. Not that I think many people out there have over 2 billion posts, but I feel that if we impose a limit (by casting a variable to int) then we should update the schema accordingly. Think of it as a SQL optimization if you must.
#5 (18 years ago)
- Resolution set to fixed
- Status changed from reopened to closed
I just took a look at the schema and also noticed that other tables create their related post_ID fields as INT(11). I'll close this again and open another ticket, as they are separate issues.
Cast to int page id