[Full-disclosure] WordPress Persistent XSS
David Kierznowski
david.kierznowski at gmail.com
Sat Dec 30 17:33:51 GMT 2006
Deepan,
Please see my most recent post:
http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/
David
On 30/12/06, Deepan <codeshepherd at gmail.com> wrote:
> On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote:
> > Vulnerability Title: WordPress Persistent XSS
> > Author: David Kierznowski
> > Homepage: http://michaeldaw.org
> > Software Vendor: WordPress Persistent XSS
> > Versions affected: Confirmed in v2.0.5 (latest)
> >
> > See homepage for more details.
> >
> > WordPress was contacted: 26/12/06 22:04 BST
> > Reply received: 27/12/06 06:11 BST
> > WordPress has fixed this for v2.0.6, see
> > http://trac.wordpress.org/changeset/4665
>
>
> Dont you need admin privileges to access the templates.php url ?
> I am overseeing anything ?
>
>
>
> --
> -----------------------------------------------
> Regards
> Deepan Chakravarthy N
> http://www.codeshepherd.com/
> http://sudoku-solver.net/
>
>
Full-Disclosure is hosted and sponsored by Secunia.