Make WordPress Core

Opened 17 years ago

Closed 17 years ago

#4811 closed defect (bug) (fixed)

CSRF & XSS on some importers

Reported by: xknown's profile xknown Owned by:
Milestone: 2.3 Priority: high
Severity: major Version: 2.3
Component: Security Keywords: has-patch commit
Focuses: Cc:


On trunk, Ultimate Tag Warrior and Category to Tag Converter are vulnerable to CSRF and XSS.

Proof of Concepts

  1. CSRF: Convert all categories to tags without user confirmation. http://localhost/wp/wp-admin/admin.php?import=wp-cat2tag&step=4

  1. XSS: Someone has commited code to debug wp-cat2tag converter:
    echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
    It allows XSS attacks:

Attachments (1)

importers.diff (2.6 KB) - added by xknown 17 years ago.
Avoid CSRF and XSS on some importers

Download all attachments as: .zip

Change History (3)

17 years ago

Avoid CSRF and XSS on some importers

#1 @rob1n
17 years ago

  • Keywords has-patch commit added
  • Milestone set to 2.3
  • Priority changed from normal to high
  • Severity changed from normal to major

I'm partially to blame for the UTW importer (didn't check it over before committing) and wholly to blame for the second one (bad coding).

+2 to the patch.

#2 @ryan
17 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5941]) Add nonces to tag importers. Props xknown. fixes #4811

Note: See TracTickets for help on using tickets.